GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-29 00:36:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000007c Crucial_ rev.MU01 232,89GB
Running: fzt3vxuz.exe; Driver: C:\Users\Dawidos\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000135a00 7 bytes [00, 54, F3, FF, C1, 5F, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000135a08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007582103d 5 bytes JMP 00000000740e1eb0
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075821072 5 bytes JMP 00000000740e1da0
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\SysWOW64\detoured.dll!Detoured + 3 0000000074121003 2 bytes [12, 74]
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\SysWOW64\detoured.dll!Detoured + 22 0000000074121016 2 bytes [12, 74]
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077020309 7 bytes {MOV EDX, 0x9fb2e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077020385 7 bytes {MOV EDX, 0x9fb1a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007702049d 7 bytes {MOV EDX, 0x9fb168; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007702054d 7 bytes {MOV EDX, 0x9fb328; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007702057d 7 bytes {MOV EDX, 0x9fb268; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077020595 7 bytes {MOV EDX, 0x9fb128; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770205ad 7 bytes {MOV EDX, 0x9fb3e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770205dd 7 bytes {MOV EDX, 0x9fb428; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007702065d 7 bytes {MOV EDX, 0x9fb3a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077020675 7 bytes {MOV EDX, 0x9fb368; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770206c1 7 bytes {MOV EDX, 0x9fb068; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770207b9 7 bytes {MOV EDX, 0x9fb0a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020a11 7 bytes {MOV EDX, 0x9fb028; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077021975 7 bytes {MOV EDX, 0x9fb1e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021a1d 7 bytes {MOV EDX, 0x9fb2a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077021a95 7 bytes {MOV EDX, 0x9fb228; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077021c99 7 bytes {MOV EDX, 0x9fb0e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007582103d 5 bytes JMP 0000000076b0024a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075821072 5 bytes JMP 0000000076b0028a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000075823488 5 bytes JMP 0000000076b0020a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000758248db 5 bytes JMP 0000000076b0014a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000758248f3 5 bytes JMP 0000000076b0018a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075824925 5 bytes JMP 0000000076b0010a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007582499f 5 bytes JMP 0000000076b001ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b32bdc 5 bytes JMP 0000000076b0000a .text 
D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076b32e40 5 bytes JMP 0000000076b0004a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b32e7e 5 bytes JMP 0000000076b0008a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076b33caa 5 bytes JMP 0000000076b000ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007572788b 5 bytes JMP 0000000076b005ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000757278f2 5 bytes JMP 0000000076b0064a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075727bcb 5 bytes JMP 0000000076b0058a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075727be3 5 bytes JMP 0000000076b0060a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000757305ca 5 bytes JMP 0000000076b006ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075731228 5 bytes JMP 0000000076b0038a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007573292f 5 bytes JMP 0000000076b0050a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075734206 5 bytes JMP 0000000076b0040a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075735f84 5 bytes JMP 0000000076b0068a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075741363 5 bytes JMP 0000000076b0070a .text 
D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007574ebb6 5 bytes JMP 0000000076b004ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007574ec88 5 bytes JMP 0000000076b0054a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007574ed69 5 bytes JMP 0000000076b0048c .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!SetCapture 000000007574ed76 5 bytes JMP 0000000076b0044a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!ShowCursor 000000007574f690 5 bytes JMP 0000000076b003ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075769dbb 5 bytes JMP 0000000076b0034a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoW 000000007576c27d 5 bytes JMP 0000000076b0080a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075778240 5 bytes JMP 0000000076b0090a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceInfoA 00000000757869d3 5 bytes JMP 0000000076b007ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetClipCursor 00000000757881b9 5 bytes JMP 0000000076b0074a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRawInputData 0000000075788437 5 bytes JMP 0000000076b008ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRawInputDeviceList 0000000075788477 5 bytes JMP 0000000076b0078a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!GetRegisteredRawInputDevices 
0000000075788497 5 bytes JMP 0000000076b0088a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757889b3 5 bytes JMP 0000000076b0084a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\GDI32.dll!SetDeviceGammaRamp 0000000074c5dffe 5 bytes JMP 0000000076b0094a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075941e65 5 bytes JMP 0000000076b0030a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\SHELL32.dll!ShellExecuteEx 0000000075b6898d 5 bytes JMP 0000000076b002ca .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765b9cbb 5 bytes JMP 0000000076b0098a .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll ? C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [3852] entry point in ".be1" section 000000013f708707 .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\GameOverlayUI.exe[224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077020309 7 bytes {MOV EDX, 0x529ae8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077020385 7 bytes {MOV EDX, 0x5299a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007702049d 7 bytes {MOV EDX, 0x529968; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007702054d 7 bytes {MOV EDX, 0x529b28; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007702057d 7 bytes {MOV EDX, 0x529a68; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077020595 7 bytes {MOV EDX, 0x529928; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770205ad 7 bytes {MOV EDX, 0x529be8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770205dd 7 bytes {MOV EDX, 0x529c28; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007702065d 7 bytes {MOV EDX, 0x529ba8; JMP RDX} .text C:\Program Files 
(x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077020675 7 bytes {MOV EDX, 0x529b68; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770206c1 7 bytes {MOV EDX, 0x529868; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770207b9 7 bytes {MOV EDX, 0x5298a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020a11 7 bytes {MOV EDX, 0x529828; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077021975 7 bytes {MOV EDX, 0x5299e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021a1d 7 bytes {MOV EDX, 0x529aa8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077021a95 7 bytes {MOV EDX, 0x529a28; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077021c99 7 bytes {MOV EDX, 0x5298e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 
7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077020309 7 bytes {MOV EDX, 0x7632e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077020385 7 bytes {MOV EDX, 0x7631a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007702049d 7 bytes {MOV EDX, 0x763168; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007702054d 7 bytes {MOV EDX, 0x763328; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007702057d 7 bytes {MOV EDX, 0x763268; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077020595 7 bytes {MOV EDX, 0x763128; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770205ad 7 bytes {MOV EDX, 0x7633e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770205dd 7 bytes {MOV EDX, 0x763428; JMP RDX} .text C:\Program Files 
(x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007702065d 7 bytes {MOV EDX, 0x7633a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077020675 7 bytes {MOV EDX, 0x763368; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770206c1 7 bytes {MOV EDX, 0x763068; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770207b9 7 bytes {MOV EDX, 0x7630a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020a11 7 bytes {MOV EDX, 0x763028; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077021975 7 bytes {MOV EDX, 0x7631e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021a1d 7 bytes {MOV EDX, 0x7632a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077021a95 7 bytes {MOV EDX, 0x763228; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077021c99 7 bytes {MOV EDX, 0x7630e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 
17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbamscheduler.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware-1\mbam.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077020309 7 bytes {MOV EDX, 0xbbb2e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077020385 7 bytes {MOV EDX, 0xbbb1a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007702049d 7 bytes {MOV EDX, 0xbbb168; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007702054d 7 bytes {MOV EDX, 0xbbb328; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007702057d 7 bytes {MOV EDX, 0xbbb268; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077020595 7 bytes {MOV EDX, 0xbbb128; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000770205ad 7 bytes {MOV EDX, 0xbbb3e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000770205dd 7 bytes {MOV EDX, 0xbbb428; JMP RDX} .text C:\Program Files 
(x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007702065d 7 bytes {MOV EDX, 0xbbb3a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077020675 7 bytes {MOV EDX, 0xbbb368; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000770206c1 7 bytes {MOV EDX, 0xbbb068; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000770207b9 7 bytes {MOV EDX, 0xbbb0a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077020a11 7 bytes {MOV EDX, 0xbbb028; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077021975 7 bytes {MOV EDX, 0xbbb1e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077021a1d 7 bytes {MOV EDX, 0xbbb2a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077021a95 7 bytes {MOV EDX, 0xbbb228; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077021c99 7 bytes {MOV EDX, 0xbbb0e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fe1401 2 bytes JMP 7584b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fe1419 2 bytes JMP 7584b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 
17 0000000076fe1431 2 bytes JMP 758c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fe144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fe14dd 2 bytes JMP 758c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fe14f5 2 bytes JMP 758c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fe150d 2 bytes JMP 758c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fe1525 2 bytes JMP 758c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fe153d 2 bytes JMP 7583fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fe1555 2 bytes JMP 75846937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fe156d 2 bytes JMP 758c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fe1585 2 bytes JMP 758c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fe159d 2 bytes JMP 758c88a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fe15b5 2 bytes JMP 7583fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fe15cd 2 bytes JMP 7584b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fe16b2 2 bytes JMP 758c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fe16bd 2 bytes JMP 758c8839 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 5134
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 2807
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a5842044-d8b0-43ec-8797-1a6fbfbd6c6d}@Dhcpv6State 0

---- EOF - GMER 2.2 ----