GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-30 19:43:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 ST31000528AS rev.CC38 931,51GB Running: i9u4ngry.exe; Driver: C:\Users\Misiek\AppData\Local\Temp\kwrdrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!XLATEOBJ_iXlate + 658 fffff9600014b856 6 bytes {JMP QWORD [RIP-0x1df54]} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000194300 7 bytes [00, A1, F3, FF, 41, B4, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000194308 3 bytes [00, 07, 02] .text ... * 108 .text C:\Windows\System32\win32k.sys!CLIPOBJ_cEnumStart + 756 fffff96000254618 8 bytes [58, A0, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76 fffff96000254cb8 8 bytes [14, A1, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24 fffff96000254d98 8 bytes [FC, A2, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 52 fffff96000254e68 8 bytes [A4, AA, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngAllocUserMem + 36 fffff960002554a8 8 bytes [C4, 9E, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngQueryW32kCddInterface + 489 fffff9600025b0c9 7 bytes [AB, 4F, 04, 80, F8, FF, FF] .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 298 fffff9600025b1fa 6 bytes {JMP QWORD [RIP-0x328]} .text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff9600025cd28 8 bytes [28, B1, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngCreateEvent + 88 fffff960002656e8 8 bytes [E4, A4, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngGetRgnBox + 48 fffff96000265d38 8 bytes [EC, B1, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304 fffff960002661b8 8 bytes [74, A7, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngFindResource + 840 fffff96000266508 8 bytes [C0, A9, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngWideCharToMultiByte + 28 fffff96000266568 8 bytes [D0, A6, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngDeleteDriverObj + 236 fffff960002802b8 8 bytes [38, B3, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngFntCacheFault + 512 fffff96000295998 8 bytes [D8, A7, 4F, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngMapFontFileFD + 872 fffff96000296d18 8 bytes [64, AF, 4F, 04, 80, F8, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ca17fa 2 bytes CALL 771011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ca1860 2 bytes CALL 771011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ca1942 2 bytes JMP 779e7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ca194d 2 bytes JMP 779ecba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e21401 2 bytes JMP 7712b1d3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e21419 2 bytes JMP 7712b2fe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e21431 2 bytes JMP 771a8939 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e2144a 2 bytes CALL 77104885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e214dd 2 bytes JMP 771a8232 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e214f5 2 bytes JMP 771a8408 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e2150d 2 bytes JMP 771a8128 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e21525 2 bytes JMP 771a84f2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e2153d 2 bytes JMP 7711fc70 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e21555 2 bytes JMP 771268b7 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e2156d 2 bytes JMP 771a89f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e21585 2 bytes JMP 771a8552 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e2159d 2 bytes JMP 771a80ec C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e215b5 2 bytes JMP 7711fd09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e215cd 2 bytes JMP 7712b294 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e216b2 2 bytes JMP 771a88b4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e216bd 2 bytes JMP 771a8081 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077c71398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c71594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c71bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c71fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077c72898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077c72d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077c733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077c74241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077c742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077c743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077c74434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077c745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077c746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077c74a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077c74b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077c74c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077c74d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077c74ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077c74ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077c750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077c752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077c753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077c755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077c764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077c7668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077c7687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077c768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077c768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077c7692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077c77166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077c77dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077c77e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000743b146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000743b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077e21401 2 bytes JMP 7712b1d3 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077e21419 2 bytes JMP 7712b2fe C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077e21431 2 bytes JMP 771a8939 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077e2144a 2 bytes CALL 77104885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077e214dd 2 bytes JMP 771a8232 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077e214f5 2 bytes JMP 771a8408 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077e2150d 2 bytes JMP 771a8128 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077e21525 2 bytes JMP 771a84f2 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077e2153d 2 bytes JMP 7711fc70 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077e21555 2 bytes JMP 771268b7 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077e2156d 2 bytes JMP 771a89f1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077e21585 2 bytes JMP 771a8552 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077e2159d 2 bytes JMP 771a80ec C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077e215b5 2 bytes JMP 7711fd09 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077e215cd 2 bytes JMP 7712b294 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077e216b2 2 bytes JMP 771a88b4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\Steam.exe[5476] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077e216bd 2 bytes JMP 771a8081 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077c71398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c71594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c71bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c71fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077c72898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077c72d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077c733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077c74241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077c742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077c743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077c74434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077c745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077c746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077c74a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077c74b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077c74c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077c74d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077c74ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077c74ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077c750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077c752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077c753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077c755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077c764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077c7668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077c7687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077c768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077c768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077c7692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077c77166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077c77dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077c77e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000743b146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000743b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e21401 2 bytes JMP 7712b1d3 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e21419 2 bytes JMP 7712b2fe C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e21431 2 bytes JMP 771a8939 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e2144a 2 bytes CALL 77104885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e214dd 2 bytes JMP 771a8232 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e214f5 2 bytes JMP 771a8408 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e2150d 2 bytes JMP 771a8128 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e21525 2 bytes JMP 771a84f2 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e2153d 2 bytes JMP 7711fc70 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e21555 2 bytes JMP 771268b7 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e2156d 2 bytes JMP 771a89f1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e21585 2 bytes JMP 771a8552 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e2159d 2 bytes JMP 771a80ec C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e215b5 2 bytes JMP 7711fd09 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e215cd 2 bytes JMP 7712b294 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e216b2 2 bytes JMP 771a88b4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e216bd 2 bytes JMP 771a8081 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077c71398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c71594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c71bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c71fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077c72898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077c72d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077c733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077c74241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077c742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077c743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077c74434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077c745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077c746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077c74a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077c74b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077c74c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077c74d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077c74ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077c74ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077c750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077c752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077c753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077c755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077c764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077c7668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077c7687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077c768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077c768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077c7692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077c77166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077c77dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077c77e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000743b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000743b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077e21401 2 bytes JMP 7712b1d3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077e21419 2 bytes JMP 7712b2fe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077e21431 2 bytes JMP 771a8939 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077e2144a 2 bytes CALL 77104885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077e214dd 2 bytes JMP 771a8232 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077e214f5 2 bytes JMP 771a8408 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077e2150d 2 bytes JMP 771a8128 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077e21525 2 bytes JMP 771a84f2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077e2153d 2 bytes JMP 7711fc70 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077e21555 2 bytes JMP 771268b7 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077e2156d 2 bytes JMP 771a89f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077e21585 2 bytes JMP 771a8552 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077e2159d 2 bytes JMP 771a80ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077e215b5 2 bytes JMP 7711fd09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077e215cd 2 bytes JMP 7712b294 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077e216b2 2 bytes JMP 771a88b4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5656] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077e216bd 2 bytes JMP 771a8081 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077c71398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c71594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c71bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c71fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077c72898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077c72d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077c733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077c74241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077c742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077c743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077c74434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077c745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077c746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077c74a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077c74b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077c74c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077c74d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077c74ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077c74ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077c750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077c752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077c753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077c755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077c764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077c7668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077c7687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077c768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077c768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077c7692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077c77166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077c77dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077c77e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000743b146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000743b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e21401 2 bytes JMP 7712b1d3 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e21419 2 bytes JMP 7712b2fe C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e21431 2 bytes JMP 771a8939 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e2144a 2 bytes CALL 77104885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e214dd 2 bytes JMP 771a8232 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e214f5 2 bytes JMP 771a8408 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e2150d 2 bytes JMP 771a8128 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e21525 2 bytes JMP 771a84f2 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e2153d 2 bytes JMP 7711fc70 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e21555 2 bytes JMP 771268b7 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e2156d 2 bytes JMP 771a89f1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e21585 2 bytes JMP 771a8552 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e2159d 2 bytes JMP 771a80ec C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e215b5 2 bytes JMP 7711fd09 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e215cd 2 bytes JMP 7712b294 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e216b2 2 bytes JMP 771a88b4 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Steam\bin\steamwebhelper.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e216bd 2 bytes JMP 771a8081 C:\Windows\syswow64\kernel32.dll .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077c71398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077c71594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077c71bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077c71fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077c72898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077c72d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077c733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077c74241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077c742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077c743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077c74434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000077c745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000077c746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077c74a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077c74b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077c74c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077c74d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077c74ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077c74ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077c750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077c752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077c753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000077c755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077c764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000077c7668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000077c7687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000077c768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077c768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000077c7692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077c77166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077c77dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077c77e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000743b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000743b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000743b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000743b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000743b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Misiek\Pobrane\i9u4ngry.exe[840] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000743b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800455dfb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- EOF - GMER 2.1 ----