GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-02 00:17:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: j8j7er28.exe; Driver: C:\Users\acer\AppData\Local\Temp\aftcqaob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                               0000000076fd1360 5 bytes JMP 000000014a2e0460
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                        0000000076fd13b0 5 bytes JMP 000000014a2e0450
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                        0000000076fd1510 5 bytes JMP 000000014a2e0370
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                             0000000076fd1560 5 bytes JMP 000000014a2e0470
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                   0000000076fd1570 5 bytes JMP 000000014a2e03e0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                        0000000076fd1620 5 bytes JMP 000000014a2e0320
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                 0000000076fd1650 5 bytes JMP 000000014a2e03b0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                    0000000076fd1670 5 bytes JMP 000000014a2e0390
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                          0000000076fd16b0 5 bytes JMP 000000014a2e02e0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                        0000000076fd1730 5 bytes JMP 000000014a2e02d0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                      0000000076fd1750 5 bytes JMP 000000014a2e0310
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                       0000000076fd1790 5 bytes JMP 000000014a2e03c0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                    0000000076fd17e0 5 bytes JMP 000000014a2e03f0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                       0000000076fd1940 5 bytes JMP 000000014a2e0230
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                            0000000076fd1b00 5 bytes JMP 000000014a2e0480
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                           0000000076fd1b30 5 bytes JMP 000000014a2e03a0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                    0000000076fd1c10 5 bytes JMP 000000014a2e02f0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                 0000000076fd1c20 5 bytes JMP 000000014a2e0350
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                       0000000076fd1c80 5 bytes JMP 000000014a2e0290
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                    0000000076fd1d10 5 bytes JMP 000000014a2e02b0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                     0000000076fd1d30 5 bytes JMP 000000014a2e03d0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                        0000000076fd1d40 5 bytes JMP 000000014a2e0330
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                 0000000076fd1db0 5 bytes JMP 000000014a2e0410
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                    0000000076fd1de0 5 bytes JMP 000000014a2e0240
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                         0000000076fd20a0 5 bytes JMP 000000014a2e01e0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                    0000000076fd2160 5 bytes JMP 000000014a2e0250
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                    0000000076fd2190 5 bytes JMP 000000014a2e0490
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                           0000000076fd21a0 5 bytes JMP 000000014a2e04a0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                      0000000076fd21d0 5 bytes JMP 000000014a2e0300
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                   0000000076fd21e0 5 bytes JMP 000000014a2e0360
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                         0000000076fd2240 5 bytes JMP 000000014a2e02a0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                      0000000076fd2290 5 bytes JMP 000000014a2e02c0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                         0000000076fd22c0 5 bytes JMP 000000014a2e0380
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                          0000000076fd22d0 5 bytes JMP 000000014a2e0340
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                   0000000076fd25c0 5 bytes JMP 000000014a2e0440
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                  0000000076fd27c0 5 bytes JMP 000000014a2e0260
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                     0000000076fd27d0 5 bytes JMP 000000014a2e0270
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                   0000000076fd27e0 5 bytes JMP 000000014a2e0400
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                               0000000076fd29a0 5 bytes JMP 000000014a2e01f0
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                0000000076fd29b0 5 bytes JMP 000000014a2e0210
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                     0000000076fd2a20 5 bytes JMP 000000014a2e0200
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                     0000000076fd2a80 5 bytes JMP 000000014a2e0420
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                      0000000076fd2a90 5 bytes JMP 000000014a2e0430
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                 0000000076fd2aa0 5 bytes JMP 000000014a2e0220
.text    C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                         0000000076fd2b80 5 bytes JMP 000000014a2e0280
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\wininit.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                               0000000076fd1360 5 bytes JMP 000000014a2e0460
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                        0000000076fd13b0 5 bytes JMP 000000014a2e0450
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                        0000000076fd1510 5 bytes JMP 000000014a2e0370
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                             0000000076fd1560 5 bytes JMP 000000014a2e0470
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                   0000000076fd1570 5 bytes JMP 000000014a2e03e0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                        0000000076fd1620 5 bytes JMP 000000014a2e0320
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                 0000000076fd1650 5 bytes JMP 000000014a2e03b0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                    0000000076fd1670 5 bytes JMP 000000014a2e0390
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                          0000000076fd16b0 5 bytes JMP 000000014a2e02e0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                        0000000076fd1730 5 bytes JMP 000000014a2e02d0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                      0000000076fd1750 5 bytes JMP 000000014a2e0310
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                       0000000076fd1790 5 bytes JMP 000000014a2e03c0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                    0000000076fd17e0 5 bytes JMP 000000014a2e03f0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                       0000000076fd1940 5 bytes JMP 000000014a2e0230
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                            0000000076fd1b00 5 bytes JMP 000000014a2e0480
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                           0000000076fd1b30 5 bytes JMP 000000014a2e03a0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                    0000000076fd1c10 5 bytes JMP 000000014a2e02f0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                 0000000076fd1c20 5 bytes JMP 000000014a2e0350
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                       0000000076fd1c80 5 bytes JMP 000000014a2e0290
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                    0000000076fd1d10 5 bytes JMP 000000014a2e02b0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                     0000000076fd1d30 5 bytes JMP 000000014a2e03d0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                        0000000076fd1d40 5 bytes JMP 000000014a2e0330
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                 0000000076fd1db0 5 bytes JMP 000000014a2e0410
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                    0000000076fd1de0 5 bytes JMP 000000014a2e0240
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                         0000000076fd20a0 5 bytes JMP 000000014a2e01e0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                    0000000076fd2160 5 bytes JMP 000000014a2e0250
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                    0000000076fd2190 5 bytes JMP 000000014a2e0490
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                           0000000076fd21a0 5 bytes JMP 000000014a2e04a0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                      0000000076fd21d0 5 bytes JMP 000000014a2e0300
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                   0000000076fd21e0 5 bytes JMP 000000014a2e0360
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                         0000000076fd2240 5 bytes JMP 000000014a2e02a0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                      0000000076fd2290 5 bytes JMP 000000014a2e02c0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                         0000000076fd22c0 5 bytes JMP 000000014a2e0380
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                          0000000076fd22d0 5 bytes JMP 000000014a2e0340
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                   0000000076fd25c0 5 bytes JMP 000000014a2e0440
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                  0000000076fd27c0 5 bytes JMP 000000014a2e0260
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                     0000000076fd27d0 5 bytes JMP 000000014a2e0270
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                   0000000076fd27e0 5 bytes JMP 000000014a2e0400
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                               0000000076fd29a0 5 bytes JMP 000000014a2e01f0
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                0000000076fd29b0 5 bytes JMP 000000014a2e0210
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                     0000000076fd2a20 5 bytes JMP 000000014a2e0200
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                     0000000076fd2a80 5 bytes JMP 000000014a2e0420
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                      0000000076fd2a90 5 bytes JMP 000000014a2e0430
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                 0000000076fd2aa0 5 bytes JMP 000000014a2e0220
.text    C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                         0000000076fd2b80 5 bytes JMP 000000014a2e0280
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\services.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\services.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\winlogon.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                               0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                        0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                        0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                             0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                   0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                        0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                 0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                    0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                          0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                        0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                      0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                       0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                    0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                       0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                            0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                           0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                    0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                 0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                       0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                    0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                     0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                        0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                 0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                    0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                         0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                    0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                    0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                           0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                      0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                   0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                         0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                      0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                         0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                          0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                   0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                  0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                     0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                   0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                               0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                     0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                     0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                      0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                 0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\lsass.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                         0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                 0000000076fd1360 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                          0000000076fd13b0 5 bytes JMP 0000000100070450
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                          0000000076fd1510 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                               0000000076fd1560 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                     0000000076fd1570 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                          0000000076fd1620 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                   0000000076fd1650 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                      0000000076fd1670 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                            0000000076fd16b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                          0000000076fd1730 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                        0000000076fd1750 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                         0000000076fd1790 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                      0000000076fd17e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                         0000000076fd1940 5 bytes JMP 0000000100070230
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                              0000000076fd1b00 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                             0000000076fd1b30 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                      0000000076fd1c10 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                   0000000076fd1c20 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                         0000000076fd1c80 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                      0000000076fd1d10 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                       0000000076fd1d30 5 bytes JMP 00000001000703d0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                          0000000076fd1d40 5 bytes JMP 0000000100070330
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                   0000000076fd1db0 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                      0000000076fd1de0 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                           0000000076fd20a0 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                      0000000076fd2160 5 bytes JMP 0000000100070250
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                      0000000076fd2190 5 bytes JMP 0000000100070490
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                             0000000076fd21a0 5 bytes JMP 00000001000704a0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                        0000000076fd21d0 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                     0000000076fd21e0 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                           0000000076fd2240 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                        0000000076fd2290 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                           0000000076fd22c0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                            0000000076fd22d0 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                     0000000076fd25c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                    0000000076fd27c0 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                       0000000076fd27d0 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                     0000000076fd27e0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                 0000000076fd29a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                  0000000076fd29b0 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                       0000000076fd2a20 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                       0000000076fd2a80 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                        0000000076fd2a90 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                   0000000076fd2aa0 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\lsm.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                           0000000076fd2b80 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\svchost.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                              0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                       0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                       0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                            0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                  0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                       0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                   0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                         0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                       0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                     0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                      0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                   0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                      0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                           0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                          0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                   0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                      0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                   0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                    0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                       0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                   0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                        0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                   0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                   0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                          0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                     0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                  0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                        0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                     0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                        0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                         0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                  0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                 0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                    0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                  0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                              0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                               0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                    0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                    0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                     0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                        0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\nvvsvc.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                             0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                        00000000752ba2ba 1 byte [62]
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000100070460
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000100070450
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000100070370
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000100070470
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000001000703e0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000100070320
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000001000703b0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000100070390
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000001000702d0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000100070310
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000001000703c0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000100070230
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000100070480
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000001000703a0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000001000702f0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000100070350
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000100070290
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000001000702b0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000001000703d0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000100070330
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000100070410
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000100070240
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000001000701e0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000100070250
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000100070490
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000001000704a0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000100070300
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000100070360
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000001000702a0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000001000702c0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000100070380
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000100070340
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000100070440
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000100070260
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000100070270
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000100070400
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000100070210
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000100070200
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000100070420
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000100070430
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000100070220
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000100070280
.text    C:\Windows\System32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\System32\svchost.exe[340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\svchost.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000100070450
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000100070230
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000001000703d0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000100070330
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000100070250
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000100070490
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000001000704a0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\System32\spoolsv.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                              00000000752ba2ba 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                   0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                            0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                            0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                 0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                       0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                            0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                     0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                        0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                              0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                            0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                          0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                           0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                        0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                           0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                               0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                        0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                     0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                           0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                        0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                         0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                            0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                     0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                        0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                             0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                        0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                        0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                               0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                          0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                       0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                             0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                          0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                             0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                              0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                       0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                      0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                         0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                       0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                   0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                    0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                         0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                         0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                          0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                     0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                             0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                  0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                             0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                      0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                      0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                           0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                 0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                      0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                               0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                  0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                        0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                      0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                    0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                     0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                  0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                     0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                          0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                         0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                  0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                               0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                     0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                  0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                   0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                      0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                               0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                  0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                       0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                  0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                  0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                         0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                    0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                 0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                       0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                    0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                       0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                        0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                 0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                   0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                 0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                             0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                              0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                   0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                   0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                    0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                               0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                       0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\nvvsvc.exe[1780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                            0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                     00000000752ba2ba 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1892] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                   00000000761d1465 2 bytes [1D, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1892] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                  00000000761d14bb 2 bytes [1D, 76]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                 00000000752ba2ba 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                           0000000076fd1360 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                    0000000076fd13b0 5 bytes JMP 0000000100070450
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                    0000000076fd1510 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                         0000000076fd1560 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                               0000000076fd1570 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                    0000000076fd1620 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                             0000000076fd1650 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                0000000076fd1670 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                      0000000076fd16b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                    0000000076fd1730 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                  0000000076fd1750 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                   0000000076fd1790 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                0000000076fd17e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                   0000000076fd1940 5 bytes JMP 0000000100070230
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                        0000000076fd1b00 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                       0000000076fd1b30 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                0000000076fd1c10 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                             0000000076fd1c20 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                   0000000076fd1c80 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                0000000076fd1d10 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                 0000000076fd1d30 5 bytes JMP 00000001000703d0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                    0000000076fd1d40 5 bytes JMP 0000000100070330
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                             0000000076fd1db0 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                0000000076fd1de0 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                     0000000076fd20a0 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                0000000076fd2160 5 bytes JMP 0000000100070250
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                0000000076fd2190 5 bytes JMP 0000000100070490
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                       0000000076fd21a0 5 bytes JMP 00000001000704a0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                  0000000076fd21d0 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                               0000000076fd21e0 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                     0000000076fd2240 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                  0000000076fd2290 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                     0000000076fd22c0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                      0000000076fd22d0 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                               0000000076fd25c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                              0000000076fd27c0 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                 0000000076fd27d0 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                               0000000076fd27e0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                           0000000076fd29a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                            0000000076fd29b0 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                 0000000076fd2a20 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                 0000000076fd2a80 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                  0000000076fd2a90 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                             0000000076fd2aa0 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                     0000000076fd2b80 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\rundll32.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                          0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                           0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                    0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                    0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                         0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                               0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                    0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                             0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                      0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                    0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                  0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                   0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                   0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                        0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                       0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                             0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                   0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                 0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                    0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                             0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                     0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                       0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                  0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                               0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                     0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                  0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                     0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                      0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                               0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                              0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                 0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                               0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                           0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                            0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                 0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                 0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                  0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                             0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                     0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\taskhost.exe[2056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                          0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                         0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                         0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                              0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                    0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                         0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                  0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                     0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                           0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                         0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                       0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                        0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                     0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                        0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                             0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                            0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                     0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                  0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                        0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                     0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                      0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                         0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                  0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                     0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                          0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                     0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                     0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                            0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                       0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                    0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                          0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                       0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                          0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                           0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                    0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                   0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                      0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                    0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                 0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                      0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                      0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                       0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                  0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\Dwm.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                          0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                    0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                             0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                             0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                  0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                        0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                             0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                      0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                         0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                               0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                             0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                           0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                            0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                         0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                            0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                 0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                         0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                      0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                            0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                         0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                          0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                             0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                      0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                         0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                              0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                         0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                         0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                           0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                        0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                              0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                           0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                              0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                               0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                        0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                       0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                          0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                        0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                    0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                     0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                          0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                          0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                           0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                      0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                              0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                   0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe[2332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                             00000000752ba2ba 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                            0000000076fd1360 5 bytes JMP 0000000100060460
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000100060450
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                     0000000076fd1510 5 bytes JMP 0000000100060370
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                          0000000076fd1560 5 bytes JMP 0000000100060470
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                0000000076fd1570 5 bytes JMP 00000001000603e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                     0000000076fd1620 5 bytes JMP 0000000100060320
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                              0000000076fd1650 5 bytes JMP 00000001000603b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                 0000000076fd1670 5 bytes JMP 0000000100060390
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                       0000000076fd16b0 5 bytes JMP 00000001000602e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                     0000000076fd1730 5 bytes JMP 00000001000602d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                   0000000076fd1750 5 bytes JMP 0000000100060310
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                    0000000076fd1790 5 bytes JMP 00000001000603c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                 0000000076fd17e0 5 bytes JMP 00000001000603f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                    0000000076fd1940 5 bytes JMP 0000000100060230
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                         0000000076fd1b00 5 bytes JMP 0000000100060480
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                        0000000076fd1b30 5 bytes JMP 00000001000603a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                 0000000076fd1c10 5 bytes JMP 00000001000602f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                              0000000076fd1c20 5 bytes JMP 0000000100060350
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000100060290
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                 0000000076fd1d10 5 bytes JMP 00000001000602b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                  0000000076fd1d30 5 bytes JMP 00000001000603d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000100060330
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                              0000000076fd1db0 5 bytes JMP 0000000100060410
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000100060240
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                      0000000076fd20a0 5 bytes JMP 00000001000601e0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                 0000000076fd2160 5 bytes JMP 0000000100060250
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                 0000000076fd2190 5 bytes JMP 0000000100060490
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                        0000000076fd21a0 5 bytes JMP 00000001000604a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000100060300
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                0000000076fd21e0 5 bytes JMP 0000000100060360
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                      0000000076fd2240 5 bytes JMP 00000001000602a0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                   0000000076fd2290 5 bytes JMP 00000001000602c0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000100060380
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000100060340
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                0000000076fd25c0 5 bytes JMP 0000000100060440
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                               0000000076fd27c0 5 bytes JMP 0000000100060260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000100060270
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                0000000076fd27e0 5 bytes JMP 0000000100060400
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                            0000000076fd29a0 5 bytes JMP 00000001000601f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                             0000000076fd29b0 5 bytes JMP 0000000100060210
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000100060200
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000100060420
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000100060430
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000100060220
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000100060280
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\conhost.exe[1472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\System32\rundll32.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                           0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                       00000000752ba2ba 1 byte [62]
.text    C:\Windows\SysWOW64\rundll32.exe[3092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                          00000000752ba2ba 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                     0000000076fd1360 5 bytes JMP 0000000100070460
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                              0000000076fd13b0 5 bytes JMP 0000000100070450
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                              0000000076fd1510 5 bytes JMP 0000000100070370
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                   0000000076fd1560 5 bytes JMP 0000000100070470
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                         0000000076fd1570 5 bytes JMP 00000001000703e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                              0000000076fd1620 5 bytes JMP 0000000100070320
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                       0000000076fd1650 5 bytes JMP 00000001000703b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                          0000000076fd1670 5 bytes JMP 0000000100070390
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                0000000076fd16b0 5 bytes JMP 00000001000702e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                              0000000076fd1730 5 bytes JMP 00000001000702d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                            0000000076fd1750 5 bytes JMP 0000000100070310
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                             0000000076fd1790 5 bytes JMP 00000001000703c0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                          0000000076fd17e0 5 bytes JMP 00000001000703f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                             0000000076fd1940 5 bytes JMP 0000000100070230
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                  0000000076fd1b00 5 bytes JMP 0000000100070480
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                 0000000076fd1b30 5 bytes JMP 00000001000703a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                          0000000076fd1c10 5 bytes JMP 00000001000702f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                       0000000076fd1c20 5 bytes JMP 0000000100070350
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                             0000000076fd1c80 5 bytes JMP 0000000100070290
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                          0000000076fd1d10 5 bytes JMP 00000001000702b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                           0000000076fd1d30 5 bytes JMP 00000001000703d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                              0000000076fd1d40 5 bytes JMP 0000000100070330
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                       0000000076fd1db0 5 bytes JMP 0000000100070410
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                          0000000076fd1de0 5 bytes JMP 0000000100070240
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                               0000000076fd20a0 5 bytes JMP 00000001000701e0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                          0000000076fd2160 5 bytes JMP 0000000100070250
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                          0000000076fd2190 5 bytes JMP 0000000100070490
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                 0000000076fd21a0 5 bytes JMP 00000001000704a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                            0000000076fd21d0 5 bytes JMP 0000000100070300
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                         0000000076fd21e0 5 bytes JMP 0000000100070360
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                               0000000076fd2240 5 bytes JMP 00000001000702a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                            0000000076fd2290 5 bytes JMP 00000001000702c0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                               0000000076fd22c0 5 bytes JMP 0000000100070380
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                0000000076fd22d0 5 bytes JMP 0000000100070340
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                         0000000076fd25c0 5 bytes JMP 0000000100070440
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                        0000000076fd27c0 5 bytes JMP 0000000100070260
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                           0000000076fd27d0 5 bytes JMP 0000000100070270
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                         0000000076fd27e0 5 bytes JMP 0000000100070400
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                     0000000076fd29a0 5 bytes JMP 00000001000701f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                      0000000076fd29b0 5 bytes JMP 0000000100070210
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                           0000000076fd2a20 5 bytes JMP 0000000100070200
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                           0000000076fd2a80 5 bytes JMP 0000000100070420
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                            0000000076fd2a90 5 bytes JMP 0000000100070430
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                       0000000076fd2aa0 5 bytes JMP 0000000100070220
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                               0000000076fd2b80 5 bytes JMP 0000000100070280
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                    0000000076dbeecd 1 byte [62]
.text    C:\Users\acer\AppData\Local\FluxSoftware\Flux\flux.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                    00000000752ba2ba 1 byte [62]
.text    C:\Users\acer\AppData\Local\FluxSoftware\Flux\flux.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  00000000761d1465 2 bytes [1D, 76]
.text    C:\Users\acer\AppData\Local\FluxSoftware\Flux\flux.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 00000000761d14bb 2 bytes [1D, 76]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                 0000000076fd1360 5 bytes JMP 00000001002c0460
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                          0000000076fd13b0 5 bytes JMP 00000001002c0450
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                          0000000076fd1510 5 bytes JMP 00000001002c0370
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                               0000000076fd1560 5 bytes JMP 00000001002c0470
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                     0000000076fd1570 5 bytes JMP 00000001002c03e0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                          0000000076fd1620 5 bytes JMP 00000001002c0320
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                   0000000076fd1650 5 bytes JMP 00000001002c03b0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                      0000000076fd1670 5 bytes JMP 00000001002c0390
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                            0000000076fd16b0 5 bytes JMP 00000001002c02e0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                          0000000076fd1730 5 bytes JMP 00000001002c02d0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                        0000000076fd1750 5 bytes JMP 00000001002c0310
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                         0000000076fd1790 5 bytes JMP 00000001002c03c0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                      0000000076fd17e0 5 bytes JMP 00000001002c03f0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                         0000000076fd1940 5 bytes JMP 00000001002c0230
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                              0000000076fd1b00 5 bytes JMP 00000001002c0480
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                             0000000076fd1b30 5 bytes JMP 00000001002c03a0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                      0000000076fd1c10 5 bytes JMP 00000001002c02f0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                   0000000076fd1c20 5 bytes JMP 00000001002c0350
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                         0000000076fd1c80 5 bytes JMP 00000001002c0290
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                      0000000076fd1d10 5 bytes JMP 00000001002c02b0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                       0000000076fd1d30 5 bytes JMP 00000001002c03d0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                          0000000076fd1d40 5 bytes JMP 00000001002c0330
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                   0000000076fd1db0 5 bytes JMP 00000001002c0410
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                      0000000076fd1de0 5 bytes JMP 00000001002c0240
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                           0000000076fd20a0 5 bytes JMP 00000001002c01e0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                      0000000076fd2160 5 bytes JMP 00000001002c0250
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                      0000000076fd2190 5 bytes JMP 00000001002c0490
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                             0000000076fd21a0 5 bytes JMP 00000001002c04a0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                        0000000076fd21d0 5 bytes JMP 00000001002c0300
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                     0000000076fd21e0 5 bytes JMP 00000001002c0360
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                           0000000076fd2240 5 bytes JMP 00000001002c02a0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                        0000000076fd2290 5 bytes JMP 00000001002c02c0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                           0000000076fd22c0 5 bytes JMP 00000001002c0380
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                            0000000076fd22d0 5 bytes JMP 00000001002c0340
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                     0000000076fd25c0 5 bytes JMP 00000001002c0440
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                    0000000076fd27c0 5 bytes JMP 00000001002c0260
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                       0000000076fd27d0 5 bytes JMP 00000001002c0270
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                     0000000076fd27e0 5 bytes JMP 00000001002c0400
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                 0000000076fd29a0 5 bytes JMP 00000001002c01f0
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                  0000000076fd29b0 5 bytes JMP 00000001002c0210
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                       0000000076fd2a20 5 bytes JMP 00000001002c0200
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                       0000000076fd2a80 5 bytes JMP 00000001002c0420
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                        0000000076fd2a90 5 bytes JMP 00000001002c0430
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                   0000000076fd2aa0 5 bytes JMP 00000001002c0220
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                           0000000076fd2b80 5 bytes JMP 00000001002c0280
.text    C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe[3280] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                00000000752ba2ba 1 byte [62]
.text    E:\Programy\AVAST Software\Avast\AvastUI.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                              00000000752ba2ba 1 byte [62]
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                      0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                               0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                               0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                    0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                          0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                               0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                        0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                           0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                 0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                               0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                             0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                              0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                           0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                              0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                   0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                  0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                           0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                        0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                              0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                           0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                            0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                               0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                        0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                           0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                           0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                           0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                  0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                             0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                          0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                             0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                 0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                          0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                         0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                            0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                          0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                      0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                       0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                            0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                            0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                             0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                        0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\SearchIndexer.exe[3520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                     0000000076dbeecd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          00000000752ba2ba 1 byte [62]
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                 0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                          0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                          0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                               0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                     0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                          0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                   0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                      0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                            0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                          0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                        0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                         0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                      0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                         0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                              0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                             0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                      0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                   0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                         0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                      0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                       0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                          0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                   0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                      0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                           0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                      0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                      0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                             0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                        0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                     0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                           0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                        0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                           0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                            0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                     0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                    0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                       0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                     0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                 0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                  0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                       0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                       0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                        0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                   0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                           0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Windows\system32\SearchProtocolHost.exe[3896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                0000000076dbeecd 1 byte [62]
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                            0000000076fd1360 5 bytes JMP 0000000077130460
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                     0000000076fd13b0 5 bytes JMP 0000000077130450
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                     0000000076fd1510 5 bytes JMP 0000000077130370
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                          0000000076fd1560 5 bytes JMP 0000000077130470
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                0000000076fd1570 5 bytes JMP 00000000771303e0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                     0000000076fd1620 5 bytes JMP 0000000077130320
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                              0000000076fd1650 5 bytes JMP 00000000771303b0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000076fd1670 5 bytes JMP 0000000077130390
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                       0000000076fd16b0 5 bytes JMP 00000000771302e0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                     0000000076fd1730 5 bytes JMP 00000000771302d0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                   0000000076fd1750 5 bytes JMP 0000000077130310
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                    0000000076fd1790 5 bytes JMP 00000000771303c0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                 0000000076fd17e0 5 bytes JMP 00000000771303f0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                    0000000076fd1940 5 bytes JMP 0000000077130230
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                         0000000076fd1b00 5 bytes JMP 0000000077130480
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                        0000000076fd1b30 5 bytes JMP 00000000771303a0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                 0000000076fd1c10 5 bytes JMP 00000000771302f0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                              0000000076fd1c20 5 bytes JMP 0000000077130350
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                    0000000076fd1c80 5 bytes JMP 0000000077130290
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                 0000000076fd1d10 5 bytes JMP 00000000771302b0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                  0000000076fd1d30 5 bytes JMP 00000000771303d0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                     0000000076fd1d40 5 bytes JMP 0000000077130330
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                              0000000076fd1db0 5 bytes JMP 0000000077130410
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                 0000000076fd1de0 5 bytes JMP 0000000077130240
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                      0000000076fd20a0 5 bytes JMP 00000000771301e0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                 0000000076fd2160 5 bytes JMP 0000000077130250
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000076fd2190 5 bytes JMP 0000000077130490
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000076fd21a0 5 bytes JMP 00000000771304a0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                   0000000076fd21d0 5 bytes JMP 0000000077130300
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                0000000076fd21e0 5 bytes JMP 0000000077130360
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                      0000000076fd2240 5 bytes JMP 00000000771302a0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                   0000000076fd2290 5 bytes JMP 00000000771302c0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                      0000000076fd22c0 5 bytes JMP 0000000077130380
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                       0000000076fd22d0 5 bytes JMP 0000000077130340
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                0000000076fd25c0 5 bytes JMP 0000000077130440
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                               0000000076fd27c0 5 bytes JMP 0000000077130260
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                  0000000076fd27d0 5 bytes JMP 0000000077130270
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                0000000076fd27e0 5 bytes JMP 0000000077130400
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                            0000000076fd29a0 5 bytes JMP 00000000771301f0
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                             0000000076fd29b0 5 bytes JMP 0000000077130210
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                  0000000076fd2a20 5 bytes JMP 0000000077130200
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                  0000000076fd2a80 5 bytes JMP 0000000077130420
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                   0000000076fd2a90 5 bytes JMP 0000000077130430
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                              0000000076fd2aa0 5 bytes JMP 0000000077130220
.text    C:\Windows\System32\svchost.exe[5060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                      0000000076fd2b80 5 bytes JMP 0000000077130280
.text    C:\Users\acer\Desktop\j8j7er28.exe[3116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                        00000000752ba2ba 1 byte [62]

---- Processes - GMER 2.1 ----

Library  C:\Users\acer\AppData\Roaming\newnext.me\nengine.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [3092] (NewNext Helper Engine/NewNextDotMe)(2014-01-10 13:20:17)                                                         0000000071b80000
Process  C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe (*** suspicious ***) @ C:\Users\acer\AppData\Local\NVIDIA Corporation\nvxsync.exe [3280] (NVIDIA User Experience Service Componen/NVIDIA Corporatio)(2014-02-01 20:43:15)  0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076af67c4                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources                                                                                                                                                                   MSDMine?DfSdk
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076af67c4 (not active ControlSet)                                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources                                                                                                                                                                       MSDMine?DfSdk

---- Files - GMER 2.1 ----

File     C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log                                                                                                                                                                1048576 bytes
File     C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00043.log                                                                                                                                                                1048576 bytes

---- EOF - GMER 2.1 ----
