by Lucky17 11 Aug 2014, 16:09
A blue screen with the name given in the title pops up. Please check the log and help.
- Code:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-11 16:02:14
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160811AS rev.3.AAE 149,05GB
Running: 6ycc2jn2.exe; Driver: S:\Users\Lucky\AppData\Local\Temp\awrdqkow.sys
---- User code sections - GMER 2.1 ----
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1740] S:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlservice.exe[2008] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000076cfbd70 8 bytes {JMP QWORD [RIP-0x16cfbd2e]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\kernel32.dll!CreateProcessW 0000000076d0e7b0 12 bytes {JMP QWORD [RIP-0x16d0e73e]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSASend 000007fefd8914b0 10 bytes {JMP QWORD [RIP+0x169ece2]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd891be1 8 bytes {JMP QWORD [RIP+0x169e4f2]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSARecv 000007fefd892200 10 bytes {JMP QWORD [RIP+0x169df62]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!recv 000007fefd892940 10 bytes {JMP QWORD [RIP+0x169d7f2]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!connect + 1 000007fefd894f61 6 bytes {JMP QWORD [RIP+0x169b112]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!send 000007fefd8972d0 10 bytes {JMP QWORD [RIP+0x1698e32]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!sendto 000007fefd89dc80 7 bytes {JMP QWORD [RIP+0x16925a2]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd89ddb0 3 bytes [FF, 25, D2]
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd89ddb4 6 bytes [69, 01, CC, CC, CC, CC]
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd8b6eb0 7 bytes {JMP QWORD [RIP+0x1679312]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8bdb70 7 bytes {JMP QWORD [RIP+0x1672532]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd8be140 7 bytes {JMP QWORD [RIP+0x1672112]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WS2_32.dll!recvfrom 000007fefd8be350 7 bytes {JMP QWORD [RIP+0x1671ea2]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WININET.dll!InternetQueryOptionA + 1 000007fefd655f59 6 bytes {JMP QWORD [RIP+0x18da47a]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WININET.dll!InternetQueryOptionW + 1 000007fefd65e305 6 bytes {JMP QWORD [RIP+0x18d20fe]}
.text S:\Windows\system32\Dwm.exe[1452] S:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd6694e8 6 bytes {JMP QWORD [RIP+0x18c6e2a]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000076cfbd70 8 bytes {JMP QWORD [RIP-0x16cfbd2e]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\kernel32.dll!CreateProcessW 0000000076d0e7b0 12 bytes {JMP QWORD [RIP-0x16d0e73e]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\SHELL32.dll!ShellExecuteExW 000007fefe1d5528 10 bytes {JMP QWORD [RIP-0x2b51e6]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\ole32.dll!CoGetClassObject 000007fefef67728 10 bytes {JMP QWORD [RIP-0x10476e6]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefcd139f0 7 bytes {JMP QWORD [RIP+0x120c8c2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefcd13b44 7 bytes {JMP QWORD [RIP+0x120c79e]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSASend 000007fefd8914b0 10 bytes {JMP QWORD [RIP+0x68ece2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd891be1 8 bytes {JMP QWORD [RIP+0x68e4f2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSARecv 000007fefd892200 10 bytes {JMP QWORD [RIP+0x68df62]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!recv 000007fefd892940 10 bytes {JMP QWORD [RIP+0x68d7f2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!connect + 1 000007fefd894f61 6 bytes {JMP QWORD [RIP+0x68b112]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!send 000007fefd8972d0 10 bytes {JMP QWORD [RIP+0x688e32]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!sendto 000007fefd89dc80 7 bytes {JMP QWORD [RIP+0x6825a2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd89ddb0 3 bytes [FF, 25, D2]
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd89ddb4 6 bytes [68, 00, CC, CC, CC, CC]
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd8b6eb0 7 bytes {JMP QWORD [RIP+0x669312]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8bdb70 7 bytes {JMP QWORD [RIP+0x662532]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd8be140 7 bytes {JMP QWORD [RIP+0x662112]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WS2_32.dll!recvfrom 000007fefd8be350 7 bytes {JMP QWORD [RIP+0x661ea2]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WININET.dll!InternetQueryOptionA + 1 000007fefd655f59 6 bytes {JMP QWORD [RIP+0x8ca4aa]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WININET.dll!InternetQueryOptionW + 1 000007fefd65e305 6 bytes {JMP QWORD [RIP+0x8c212e]}
.text S:\Windows\Explorer.EXE[2224] S:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd6694e8 6 bytes {JMP QWORD [RIP+0x8b6e2a]}
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 000000011004d1be
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 000000011004fdac
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 000000011004b384
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 000000011004b2f1
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 000000011004e403
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 000000011004f22f
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 000000011004b7e2
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 00000001100500bb
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 000000011004ed10
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 00000001100518b7
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 000000011004fb0e
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 000000011004e7b3
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 000000011005121d
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 000000011004eb7d
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 000000011004ff80
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 0000000110051727
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 000000011004f55a
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 000000011004fc18
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 0000000110051a76
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 000000011003b3e4
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\wininet.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 000000011004b9ef
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\wininet.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [A7, 99]
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\wininet.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 0000000110050b6b
.text S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe[2840] S:\Windows\syswow64\wininet.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 000000011004ba11
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007710000c 1 byte [C3]
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007718f50a 5 bytes JMP 000000017713dba1
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 000000010eafd1be
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 000000010eaffdac
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 000000010eafb384
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 000000010eafb2f1
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 000000010eafe403
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 000000010eaff22f
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 000000010eafb9ef
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [52, 98]
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 000000010eb00b6b
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WININET.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 000000010eafba11
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 000000010eaeb3e4
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 000000010eafb7e2
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 000000010eb000bb
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 000000010eafed10
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 000000010eb018b7
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 000000010eaffb0e
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 000000010eafe7b3
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 000000010eb0121d
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 000000010eafeb7d
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 000000010eafff80
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 000000010eb01727
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 000000010eaff55a
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 000000010eaffc18
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 000000010eb01a76
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe[2848] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2968] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000076cfbd70 8 bytes {JMP QWORD [RIP-0x16cfbd2e]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\kernel32.dll!CreateProcessW 0000000076d0e7b0 12 bytes {JMP QWORD [RIP-0x16d0e73e]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\ole32.dll!CoGetClassObject 000007fefef67728 10 bytes {JMP QWORD [RIP-0x15976e6]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSASend 000007fefd8914b0 10 bytes {JMP QWORD [RIP+0x13ece2]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefd891be1 8 bytes {JMP QWORD [RIP+0x13e4f2]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSARecv 000007fefd892200 10 bytes {JMP QWORD [RIP+0x13df62]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!recv 000007fefd892940 10 bytes {JMP QWORD [RIP+0x13d7f2]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!connect + 1 000007fefd894f61 6 bytes {JMP QWORD [RIP+0x13b112]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!send 000007fefd8972d0 10 bytes {JMP QWORD [RIP+0x138e32]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!sendto 000007fefd89dc80 7 bytes JMP 63006d
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSASendTo 000007fefd89ddb0 3 bytes JMP 180000
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSASendTo + 4 000007fefd89ddb4 6 bytes JMP 180000
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefd8b6eb0 7 bytes {JMP QWORD [RIP+0x119312]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd8bdb70 7 bytes JMP 0
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefd8be140 7 bytes JMP 0
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WS2_32.dll!recvfrom 000007fefd8be350 7 bytes JMP 0
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WININET.dll!InternetQueryOptionA + 1 000007fefd655f59 6 bytes {JMP QWORD [RIP+0x37a4aa]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WININET.dll!InternetQueryOptionW + 1 000007fefd65e305 6 bytes {JMP QWORD [RIP+0x37212e]}
.text S:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[1476] S:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefd6694e8 6 bytes {JMP QWORD [RIP+0x366e2a]}
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 0000000102cbd1be
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 0000000102cbfdac
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 0000000102cbb384
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 0000000102cbb2f1
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 0000000102cbe403
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 0000000102cbf22f
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 0000000102cbb7e2
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 0000000102cab3e4
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 0000000102cbb9ef
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [6E, 8C]
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 0000000102cc0b6b
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WININET.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 0000000102cbba11
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 0000000102cc00bb
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 0000000102cbed10
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 0000000102cc18b7
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 0000000102cbfb0e
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 0000000102cbe7b3
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 0000000102cc121d
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 0000000102cbeb7d
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 0000000102cbff80
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 0000000102cc1727
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 0000000102cbf55a
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 0000000102cbfc18
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 0000000102cc1a76
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3704] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 00000001022ed1be
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 00000001022efdac
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 00000001022eb384
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 00000001022eb2f1
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 00000001022ee403
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 00000001022ef22f
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 00000001022eb7e2
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 00000001022db3e4
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 00000001022f00bb
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 00000001022eed10
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 00000001022f18b7
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 00000001022efb0e
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 00000001022ee7b3
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 00000001022f121d
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 00000001022eeb7d
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 00000001022eff80
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 00000001022f1727
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 00000001022ef55a
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 00000001022efc18
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 00000001022f1a76
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 00000001022eb9ef
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [D1, 8B]
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 00000001022f0b6b
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\WININET.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 00000001022eba11
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe[3712] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5056] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5076] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5092] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4828] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4560] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3948] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\PROGRA~2\RELEVA~1\rlvknlg32.exe[4696] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 000000011004d1be
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 000000011004fdac
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 000000011004b384
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 000000011004b2f1
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 000000011004e403
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 000000011004f22f
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 000000011003b3e4
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\shell32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 000000011004b7e2
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 00000001100500bb
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 000000011004ed10
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 00000001100518b7
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 000000011004fb0e
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 000000011004e7b3
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 000000011005121d
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 000000011004eb7d
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 000000011004ff80
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 0000000110051727
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 000000011004f55a
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 000000011004fc18
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 0000000110051a76
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 000000011004b9ef
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [A7, 99]
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 0000000110050b6b
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\WININET.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 000000011004ba11
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\OTL.exe[3096] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074d2102d 5 bytes JMP 000000011004d1be
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000074d39a84 5 bytes JMP 000000011004fdac
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000074e81c82 5 bytes JMP 000000011004b384
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 0000000074e8bcd5 5 bytes JMP 000000011004b2f1
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c811a0 5 bytes JMP 000000011004e403
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c811ef 5 bytes JMP 000000011004f22f
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!sendto 0000000076cb3aed 5 bytes JMP 00000001100500bb
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!closesocket 0000000076cb3bed 5 bytes JMP 000000011004ed10
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSARecvFrom 0000000076cb418d 5 bytes JMP 00000001100518b7
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!recv 0000000076cb47df 5 bytes JMP 000000011004fb0e
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!connect 0000000076cb48be 5 bytes JMP 000000011004e7b3
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSASend 0000000076cb68a7 5 bytes JMP 000000011005121d
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076cbbb9b 5 bytes JMP 000000011004eb7d
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!recvfrom 0000000076cbbf39 5 bytes JMP 000000011004ff80
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076cbc29f 5 bytes JMP 0000000110051727
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!send 0000000076cbc4c8 5 bytes JMP 000000011004f55a
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000076cbe860 5 bytes JMP 000000011004fc18
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WS2_32.dll!WSASendTo 0000000076ccadc4 5 bytes JMP 0000000110051a76
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000074fda2d4 5 bytes JMP 000000011003b3e4
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA 00000000765d6449 2 bytes JMP 000000011004b9ef
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WININET.dll!InternetQueryOptionA + 3 00000000765d644c 2 bytes [A7, 99]
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 00000000765f5d1c 5 bytes JMP 0000000110050b6b
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\WININET.dll!InternetQueryOptionW 000000007660cfa1 5 bytes JMP 000000011004ba11
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000766d1401 2 bytes JMP 74d3eb26 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000766d1419 2 bytes JMP 74d4b513 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000766d1431 2 bytes JMP 74dc8609 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000766d144a 2 bytes CALL 74d21dfa S:\Windows\syswow64\kernel32.dll
.text ... * 9
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766d14dd 2 bytes JMP 74dc7efe S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766d14f5 2 bytes JMP 74dc80d8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000766d150d 2 bytes JMP 74dc7df4 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000766d1525 2 bytes JMP 74dc81c2 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000766d153d 2 bytes JMP 74d3f088 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000766d1555 2 bytes JMP 74d4b885 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000766d156d 2 bytes JMP 74dc86c1 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000766d1585 2 bytes JMP 74dc8222 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000766d159d 2 bytes JMP 74dc7db8 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766d15b5 2 bytes JMP 74d3f121 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766d15cd 2 bytes JMP 74d4b29f S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766d16b2 2 bytes JMP 74dc8584 S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766d16bd 2 bytes JMP 74dc7d4d S:\Windows\syswow64\kernel32.dll
.text S:\Users\Lucky\Desktop\6ycc2jn2.exe[5128] S:\Windows\syswow64\Shell32.dll!ShellExecuteExW 0000000075631b8c 5 bytes JMP 000000011004b7e2
---- Kernel code sections - GMER 2.1 ----
INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG S:\Windows\system32\ntoskrnl.exe suspicious modification
---- Threads - GMER 2.1 ----
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2980] 000007fefae82a74
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:3656] 000007feeef7dc08
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:3348] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2672] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2668] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2740] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:3828] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2708] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2648] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:1096] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:1420] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:3852] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2960] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2240] 000007fef2500e54
Thread S:\Program Files\Windows Media Player\wmpnetwk.exe [3552:2576] 000007fef8df5124
---- Processes - GMER 2.1 ----
Process S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\uTorrent\uTorrent.exe [2840] (µTorrent/BitTorrent Inc.)(2014-04-19 22:30:51) 0000000000400000
Process S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe [2848] (Spotify/Spotify Ltd)(2014-04-22 13:18:30) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe [2848](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\spotify.exe [2848] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2968] (SpotifyWebHelper/Spotify Ltd)(2014-04-22 13:18:29) 0000000000400000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5056](2014-04-22 13:18:29) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5056](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5056] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5056](2014-07-09 13:39:33) 0000000063330000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5076](2014-04-22 13:18:29) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5076](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5076] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5076](2014-07-09 13:39:33) 0000000063330000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5092](2014-04-22 13:18:29) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5092](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5092] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [5092](2014-07-09 13:39:33) 0000000063330000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4828](2014-04-22 13:18:29) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4828](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4828] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\ffmpegsumo.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4828](2014-07-09 13:39:33) 0000000063330000
Process S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560](2014-04-22 13:18:29) 0000000000400000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libcef.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560](2014-04-22 13:18:29) 000000006f1c0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\icudt.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560] (ICU Data DLL/The ICU Project)(2014-04-22 13:18:29) 0000000073930000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\D3DCompiler_46.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560] (Direct3D HLSL Compiler/Microsoft Corporation)(2014-04-22 13:18:29) 00000000628d0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libglesv2.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560](2014-04-22 13:18:29) 00000000627f0000
Library S:\Users\Lucky\AppData\Roaming\Spotify\Data\libegl.dll (*** suspicious ***) @ S:\Users\Lucky\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [4560](2014-04-22 13:18:29) 00000000627d0000
---- EOF - GMER 2.1 ----
- Attachments
- Extras.Txt (75.88 KiB)
- OTL.Txt (125.47 KiB)