GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-22 23:42:38 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 GOODRAM_C40 rev.S9FM01.8 111,79GB Running: fgc36w6l.exe; Driver: C:\Users\mateusz\AppData\Local\Temp\pgliikog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 0000000076b9d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000076ba5acb 5 bytes JMP 0000000076a80f0e .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000076ba5ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076ba6410 5 bytes JMP 0000000076a80f93 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076ba6500 5 bytes JMP 0000000076a80fd3 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca50fd4 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 
bytes JMP 75f0fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes JMP 0000000050518360 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes JMP 00000000505182d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes JMP 00000000505183f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes JMP 0000000050518240 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 
17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC 
Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 
75f0fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075ef34b1 4 bytes {CALL 0xffffffff8a8c7adc} .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes [68, 80, 65, 15, 69, C3] .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes [68, 60, 65, 15, 69, C3] .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes [68, B0, 65, 15, 69, C3] .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes [68, 40, 65, 15, 69, C3] .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 6 bytes [68, E0, 65, 15, 69, C3] .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 
0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[4472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca70fd4 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075ef34b1 4 bytes {CALL 0xffffffff8a8c7adc} .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes JMP 0000000050518360 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes JMP 00000000505182d0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes JMP 00000000505183f0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes JMP 0000000050518240 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 6 bytes JMP 0000000050518480 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes JMP 0000000050518360 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes JMP 00000000505182d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes JMP 00000000505183f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes JMP 0000000050518240 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 6 bytes JMP 0000000050518480 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[1888] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes [68, 80, 65, 15, 69, C3] .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[1888] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes [68, 60, 65, 15, 69, C3] .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[1888] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes [68, B0, 65, 15, 69, C3] .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[1888] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes [68, 40, 65, 15, 69, C3] .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe[4724] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 6 bytes [68, 80, 65, 15, 69, C3] .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe[4724] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 6 bytes [68, 60, 65, 15, 69, C3] .text C:\Program 
Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe[4724] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 6 bytes [68, B0, 65, 15, 69, C3] .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe[4724] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 6 bytes [68, 40, 65, 15, 69, C3] .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe[4724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 6 bytes [68, E0, 65, 15, 69, C3] .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNEL32.dll!LoadLibraryExA + 1 0000000076b9d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNEL32.dll!FreeLibrary + 27 0000000076ba5acb 5 bytes JMP 0000000076a80f0e .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNEL32.dll!LoadLibraryExW + 1 0000000076ba5ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNEL32.dll!LoadLibraryW 0000000076ba6410 5 bytes JMP 0000000076a80f93 .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNEL32.dll!LoadLibraryA 0000000076ba6500 5 bytes JMP 0000000076a80fd3 .text C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe[5028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca70fd4 .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 
75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 0000000076b9d851 4 bytes {JMP 0xffffffffffed36fe} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000076ba5acb 5 bytes JMP 0000000076a80f0e .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000076ba5ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076ba6410 5 bytes JMP 0000000076a70f8e .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076ba6500 5 bytes JMP 0000000076a70fce .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[6472] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca60fce .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[7728] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 5 bytes JMP 0000000050518360 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[7728] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 5 bytes JMP 00000000505182d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[7728] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 5 bytes JMP 00000000505183f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[7728] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 5 bytes JMP 0000000050518240 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[7728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 5 bytes JMP 0000000050518360 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 5 bytes JMP 00000000505182d0 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 5 bytes JMP 00000000505183f0 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 5 bytes JMP 0000000050518240 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text 
F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076eaf9b1 7 bytes {MOV EDX, 0x14c2e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076eafa2d 7 bytes {MOV EDX, 0x14c1a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076eafb45 7 bytes {MOV EDX, 0x14c168; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076eafbf5 7 bytes {MOV EDX, 0x14c328; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076eafc25 7 bytes {MOV EDX, 0x14c268; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076eafc3d 7 bytes {MOV EDX, 0x14c128; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 
0000000076eafc55 7 bytes {MOV EDX, 0x14c3e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076eafc85 7 bytes {MOV EDX, 0x14c428; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076eafd05 7 bytes {MOV EDX, 0x14c3a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076eafd1d 7 bytes {MOV EDX, 0x14c368; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076eafd69 7 bytes {MOV EDX, 0x14c068; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076eafe61 7 bytes {MOV EDX, 0x14c0a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076eb00b9 7 bytes {MOV EDX, 0x14c028; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076eb101d 7 bytes {MOV EDX, 0x14c1e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076eb10c5 7 bytes {MOV EDX, 0x14c2a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076eb113d 7 bytes {MOV EDX, 0x14c228; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076eb1341 7 bytes {MOV EDX, 0x14c0e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 
bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[8476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076eaf9b1 7 bytes {MOV EDX, 0x6e42e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076eafa2d 7 bytes {MOV EDX, 0x6e41a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076eafb45 7 bytes {MOV EDX, 0x6e4168; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076eafbf5 7 bytes {MOV EDX, 0x6e4328; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076eafc25 7 bytes {MOV EDX, 0x6e4268; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076eafc3d 7 bytes {MOV EDX, 0x6e4128; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076eafc55 7 bytes {MOV EDX, 0x6e43e8; JMP RDX} 
.text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076eafc85 7 bytes {MOV EDX, 0x6e4428; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076eafd05 7 bytes {MOV EDX, 0x6e43a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076eafd1d 7 bytes {MOV EDX, 0x6e4368; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076eafd69 7 bytes {MOV EDX, 0x6e4068; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076eafe61 7 bytes {MOV EDX, 0x6e40a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076eb00b9 7 bytes {MOV EDX, 0x6e4028; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076eb101d 7 bytes {MOV EDX, 0x6e41e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076eb10c5 7 bytes {MOV EDX, 0x6e42a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076eb113d 7 bytes {MOV EDX, 0x6e4228; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076eb1341 7 bytes {MOV EDX, 0x6e40e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text 
F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 
C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 0000000076b9d851 4 bytes {JMP 0xffffffffffed36fe} .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000076ba5acb 5 bytes JMP 0000000076a80f0e .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000076ba5ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076ba6410 5 bytes JMP 0000000076a70f8e .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076ba6500 5 bytes JMP 0000000076a70fce .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[2656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca40fce .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 0000000076b9d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\kernel32.dll!FreeLibrary 
+ 27 0000000076ba5acb 5 bytes JMP 0000000076a80f0e .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000076ba5ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076ba6410 5 bytes JMP 0000000076a80f93 .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076ba6500 5 bytes JMP 0000000076a80fd3 .text C:\Windows\system32\taskhost.exe[1224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefca8a8c0 5 bytes JMP 000007fefca70fd4 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 5 bytes JMP 0000000050518360 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 5 bytes JMP 00000000505182d0 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 5 bytes JMP 00000000505183f0 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 5 bytes JMP 0000000050518240 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text 
F:\steam\GameOverlayUI.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076eb0038 5 bytes JMP 00000000000f000f .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000076f2eea2 5 bytes JMP 0000000000100013 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 5 bytes JMP 0000000050518360 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 5 bytes JMP 00000000505182d0 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 5 bytes JMP 00000000505183f0 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 5 bytes JMP 0000000050518240 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 
0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 
C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text C:\Users\mateusz\Downloads\H1Ixs9k894kYH7dY\srvany.exe[8424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076eaf9b1 7 bytes {MOV EDX, 0x7442e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076eafa2d 7 bytes {MOV EDX, 0x7441a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076eafb45 7 bytes {MOV EDX, 0x744168; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076eafbf5 7 bytes {MOV EDX, 0x744328; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076eafc25 7 bytes {MOV EDX, 0x744268; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076eafc3d 7 bytes {MOV EDX, 0x744128; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076eafc55 7 bytes {MOV EDX, 0x7443e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076eafc85 7 bytes {MOV EDX, 0x744428; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076eafd05 7 bytes {MOV EDX, 0x7443a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076eafd1d 7 bytes {MOV EDX, 0x744368; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076eafd69 7 bytes {MOV EDX, 0x744068; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076eafe61 7 bytes {MOV EDX, 0x7440a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076eb00b9 7 bytes {MOV EDX, 0x744028; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076eb101d 7 bytes {MOV EDX, 0x7441e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076eb10c5 7 bytes {MOV EDX, 0x7442a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076eb113d 7 bytes {MOV EDX, 0x744228; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076eb1341 7 bytes {MOV EDX, 0x7440e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text 
F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 
C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[6284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076eaf9b1 7 bytes {MOV EDX, 0xe7ae8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076eafa2d 7 bytes {MOV EDX, 0xe79a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076eafb45 7 bytes {MOV EDX, 0xe7968; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076eafbf5 7 bytes {MOV EDX, 0xe7b28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076eafc25 7 bytes {MOV EDX, 0xe7a68; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076eafc3d 7 bytes {MOV EDX, 0xe7928; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076eafc55 7 bytes {MOV EDX, 0xe7be8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076eafc85 7 bytes {MOV EDX, 0xe7c28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 
0000000076eafd05 7 bytes {MOV EDX, 0xe7ba8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076eafd1d 7 bytes {MOV EDX, 0xe7b68; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076eafd69 7 bytes {MOV EDX, 0xe7868; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076eafe61 7 bytes {MOV EDX, 0xe78a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076eb00b9 7 bytes {MOV EDX, 0xe7828; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076eb101d 7 bytes {MOV EDX, 0xe79e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076eb10c5 7 bytes {MOV EDX, 0xe7aa8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076eb113d 7 bytes {MOV EDX, 0xe7a28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076eb1341 7 bytes {MOV EDX, 0xe78e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation 
+ 42 0000000075de144a 2 bytes CALL 75ef48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[9188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076eaf9b1 7 bytes {MOV EDX, 0x88eae8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076eafa2d 7 bytes {MOV EDX, 0x88e9a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076eafb45 7 bytes {MOV EDX, 0x88e968; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076eafbf5 7 bytes {MOV EDX, 0x88eb28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076eafc25 7 bytes {MOV EDX, 0x88ea68; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076eafc3d 7 bytes {MOV EDX, 0x88e928; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076eafc55 7 bytes {MOV EDX, 0x88ebe8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076eafc85 7 bytes {MOV EDX, 0x88ec28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076eafd05 7 bytes {MOV EDX, 0x88eba8; JMP RDX} .text 
F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076eafd1d 7 bytes {MOV EDX, 0x88eb68; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076eafd69 7 bytes {MOV EDX, 0x88e868; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076eafe61 7 bytes {MOV EDX, 0x88e8a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076eb00b9 7 bytes {MOV EDX, 0x88e828; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076eb101d 7 bytes {MOV EDX, 0x88e9e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076eb10c5 7 bytes {MOV EDX, 0x88eaa8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076eb113d 7 bytes {MOV EDX, 0x88ea28; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076eb1341 7 bytes {MOV EDX, 0x88e8e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075de1401 2 bytes JMP 75f1b263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075de1419 2 bytes JMP 75f1b38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075de1431 2 bytes JMP 75f990f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075de144a 2 bytes CALL 75ef48ad 
C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075de14dd 2 bytes JMP 75f989ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075de14f5 2 bytes JMP 75f98bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075de150d 2 bytes JMP 75f988e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075de1525 2 bytes JMP 75f98caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075de153d 2 bytes JMP 75f0fce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075de1555 2 bytes JMP 75f16937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075de156d 2 bytes JMP 75f991a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075de1585 2 bytes JMP 75f98d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075de159d 2 bytes JMP 75f988a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075de15b5 2 bytes JMP 75f0fd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000075de15cd 2 bytes JMP 75f1b324 C:\Windows\syswow64\kernel32.dll
.text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075de16b2 2 bytes JMP 75f9906c C:\Windows\syswow64\kernel32.dll
.text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075de16bd 2 bytes JMP 75f98839 C:\Windows\syswow64\kernel32.dll
.text C:\Users\mateusz\Downloads\fgc36w6l.exe[7592] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075ef48db 5 bytes JMP 0000000050518360
.text C:\Users\mateusz\Downloads\fgc36w6l.exe[7592] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ef48f3 5 bytes JMP 00000000505182d0
.text C:\Users\mateusz\Downloads\fgc36w6l.exe[7592] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075ef4925 5 bytes JMP 00000000505183f0
.text C:\Users\mateusz\Downloads\fgc36w6l.exe[7592] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ef499f 5 bytes JMP 0000000050518240
.text C:\Users\mateusz\Downloads\fgc36w6l.exe[7592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000760b2abf 5 bytes JMP 0000000050518480

---- Threads - GMER 2.2 ----
Thread C:\Windows\SysWOW64\ntdll.dll [5860:7020] 0000000000496e0c
Thread C:\Windows\SysWOW64\ntdll.dll [5860:5504] 000000000049dc20
Thread C:\Windows\SysWOW64\ntdll.dll [5860:5560] 00000000004a3bc0
Thread C:\Windows\SysWOW64\ntdll.dll [5860:6588] 0000000000358180
Thread C:\Windows\SysWOW64\ntdll.dll [5860:6044] 0000000000358050
Thread C:\Windows\SysWOW64\ntdll.dll [5860:5516] 00000000724762ee

---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----