GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-01 10:26:28 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.03.0 Running: 6zy1hgo3.exe; Driver: C:\Users\lnowicki\AppData\Local\Temp\pflyapog.sys ---- System - GMER 1.0.15 ---- SSDT 874FAB38 ZwAlertResumeThread SSDT 8747FB38 ZwAlertThread SSDT 87517D68 ZwAllocateVirtualMemory SSDT 8726A7D0 ZwConnectPort SSDT 875609E0 ZwCreateMutant SSDT 875170B8 ZwCreateThread SSDT \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwCreateUserProcess [0x8B4051D0] SSDT 87517338 ZwFreeVirtualMemory SSDT 874C0B38 ZwImpersonateAnonymousToken SSDT 874FA2E8 ZwImpersonateThread SSDT 874C9498 ZwMapViewOfSection SSDT 874FA7B8 ZwOpenEvent SSDT 87466710 ZwOpenProcessToken SSDT 875175A8 ZwOpenThreadToken SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x905A0B90] SSDT \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) ZwQueryDefaultLocale [0x8B405280] SSDT 874F02C0 ZwResumeThread SSDT 874C98B0 ZwSetContextThread SSDT 87528320 ZwSetInformationProcess SSDT 8753A570 ZwSetInformationThread SSDT 875166C8 ZwSuspendProcess SSDT 8749C710 ZwSuspendThread SSDT 87528BE0 ZwTerminateProcess SSDT 874C6578 ZwTerminateThread SSDT 87485B38 ZwUnmapViewOfSection SSDT 8751A7D0 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 1218 82E8D404 5 Bytes JMP 8B406A50 \SystemRoot\SYSTEM32\Drivers\SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 224 82EB9734 8 Bytes [38, AB, 4F, 87, 38, FB, 47, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB974C 4 Bytes [68, 7D, 51, 87] .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82EB97EC 4 Bytes [D0, A7, 26, 87] .text ntkrnlpa.exe!RtlSidHashLookup + 318 82EB9828 4 Bytes [E0, 09, 56, 87] .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EB985C 4 Bytes [B8, 70, 51, 87] .text ... ? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! .text ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes [E9, 06, 6E, 0C, 89] {JMP 0xffffffff890c6e0b} .text ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes [E9, 00, 6E, 0C, 89] {JMP 0xffffffff890c6e05} .text ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes [E9, CA, 6C, 0C, 89] {JMP 0xffffffff890c6ccf} .text ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes [E9, 74, 6C, 0C, 89] {JMP 0xffffffff890c6c79} .text ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes [E9, C0, 6D, 0C, 89] {JMP 0xffffffff890c6dc5} .text ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes [E9, 6E, 6C, 0C, 89] {JMP 0xffffffff890c6c73} .text ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes [E9, C8, 68, 0C, 89] {JMP 0xffffffff890c68cd} .text ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes [E9, 52, 68, 0C, 89] {JMP 0xffffffff890c6857} .text ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes [E9, 5C, 68, 0C, 89] {JMP 0xffffffff890c6861} .text ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes [E9, 86, 68, 0C, 89] {JMP 0xffffffff890c688b} .text ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes [E9, 4A, 62, 0C, 89] {JMP 0xffffffff890c624f} .text ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes [E9, 14, 60, 0C, 89] {JMP 0xffffffff890c6019} .text ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes [E9, 7E, 5E, 0C, 89] {JMP 0xffffffff890c5e83} .text ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes [E9, F8, 5D, 0C, 89] {JMP 0xffffffff890c5dfd} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\aestsrv.exe[480] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[508] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[736] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchProtocolHost.exe[752] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0011B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0011B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0011B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0011B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0011BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0011B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0011B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0011B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0011B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0011BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0011BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0011BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0011BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\rundll32.exe[808] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0011BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0017B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0017B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0017B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0017B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0017BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0017B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0017B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0017B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0017B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0017BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0017BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0017BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0017BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[816] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0017BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[964] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\STacSV.exe[1040] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0016B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0016B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0016B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0016B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0016BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0016B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0016B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0016B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0016B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0016BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0016BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0016BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0016BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1180] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0016BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0016B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0016B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0016B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0016B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0016BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0016B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0016B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0016B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0016B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0016BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0016BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0016BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0016BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0016BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0030B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0030B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0030B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0030B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0030BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0030B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0030B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0030B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0030B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0030BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0030BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0030BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0030BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\CAM\bin\cam.exe[1276] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0030BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0018B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0018B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0018B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0018B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0018BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0018B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0018B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0018B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0018B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0018BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0018BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0018BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0018BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Hpservice.exe[1320] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0018BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe[1352] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[1404] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0025B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0025B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0025B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0025B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0025BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0025B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0025B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0025B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0025B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0025BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0025BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0025BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0025BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1480] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0025BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\caf.exe[1748] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 002EB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 002EB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 002EB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 002EB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 002EBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 002EB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 002EB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 002EB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 002EB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 002EBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 002EBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 002EBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 002EBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 002EBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 002CB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 002CB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 002CB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 002CB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 002CBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 002CB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 002CB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 002CB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 002CB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 002CBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 002CBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 002CBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 002CBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 002CBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe[1992] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 002CB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 002CB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 002CB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 002CB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 002CBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 002CB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 002CB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 002CB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 002CB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 002CBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 002CBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 002CBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 002CBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\svchost.exe[2036] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 002CBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\Dwm.exe[2112] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 000FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 000FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 000FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 000FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 000FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 000FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 000FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 000FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 000FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 000FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 000FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 000FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 000FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskhost.exe[2120] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 000FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0036B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0036B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0036B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0036B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0036BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0036B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0036B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0036B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0036B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0036BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0036BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0036BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0036BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\Downloads\6zy1hgo3.exe[2136] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0036BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\Explorer.EXE[2180] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[2352] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe[2416] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0035B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0035B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0035B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0035B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0035BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0035B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0035B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0035B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0035B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0035BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0035BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0035BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0035BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2460] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0035BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\wbem\WmiApSrv.exe[2524] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 005BB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 005BB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 005BB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 005BB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 005BBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 005BB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 005BB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 005BB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 005BB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 005BBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A9A0C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A9A9D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A9C5B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 005BBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 005BBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 005BBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 005BBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 48, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[2640] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0031B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0031B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0031B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0031B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0031BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0031B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0031B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0031B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0031B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0031BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0031BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0031BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0031BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe[2672] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0031BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0030B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0030B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0030B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0030B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0030BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0030B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0030B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0030B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0030B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0030BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0030BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0030BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0030BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0030BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[2876] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0034B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0034B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0034B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0034B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0034BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0034B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0034B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0034B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0034B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0034BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0034BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0034BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0034BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[2884] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0034BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0032B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0032B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0032B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0032B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0032BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0032B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0032B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0032B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0032B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0032BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0032BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0032BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0032BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2948] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0032BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0019B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0019B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0019B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0019B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0019BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0019B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0019B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0019B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0019B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0019BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0019BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0019BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0019BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3048] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0019BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccnfagent.exe[3060] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0039B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0039B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0039B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0039B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0039BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0039B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0039B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0039B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0039B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0039BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0039BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0039BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0039BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[3084] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0039BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe[3320] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0049B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0049B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0049B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0049B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0049BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0049B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0049B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0049B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0049B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0049BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A7C0C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 2A, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 2A, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A7C9D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A7E5B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0049BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0049BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0049BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0049BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 2A, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0035B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0035B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0035B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0035B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0035BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0035B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0035B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0035B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0035B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0035BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0035BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0035BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0035BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\ccsmagtd.exe[3388] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0035BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\svchost.exe[3444] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0030B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0030B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0030B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0030B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0030BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0030B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0030B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0030B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0030B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0030BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0030BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0030BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0030BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxtray.exe[3668] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0030BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0020B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0020B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0020B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0020B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0020BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0020B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0020B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0020B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0020B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0020BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0020BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0020BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0020BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\hkcmd.exe[3680] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0020BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0034B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0034B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0034B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0034B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0034BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0034B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0034B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0034B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0034B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0034BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0034BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0034BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0034BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\System32\igfxpers.exe[3692] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0034BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0014B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0014B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0014B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0014B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0014BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0014B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0014B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0014B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0014B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0014BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0014BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0014BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0014BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3720] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0014BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0016B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0016B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0016B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0016B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0016BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0016B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0016B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0016B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0016B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0016BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0016BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0016BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0016BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\SearchIndexer.exe[3756] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0016BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0035B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0035B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0035B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0035B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0035BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0035B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0035B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0035B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0035B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0035BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0035BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0035BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0035BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfsmsmd.exe[3776] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0035BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0036B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0036B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0036B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0036B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0036BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0036B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0036B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0036B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0036B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0036BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0036BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0036BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0036BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\bin\cfSysTray.exe[3788] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0036BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 5 772A4A35 3 Bytes JMP 0028B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 9 772A4A39 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 9 772A4A39 3 Bytes [88, FF, E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateKey + 5 772A4A75 3 Bytes JMP 0028B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateKey + 9 772A4A79 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 3 Bytes JMP 0028B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateUserProcess + 9 772A4BE9 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteFile + 5 772A4C75 3 Bytes JMP 0028B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteFile + 9 772A4C79 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteKey + 5 772A4C85 3 Bytes JMP 0028BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteKey + 9 772A4C89 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 3 Bytes JMP 0028B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtDeleteValueKey + 9 772A4CB9 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 5 772A5095 3 Bytes JMP 0028B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 9 772A5099 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 9 772A5099 3 Bytes [88, FF, E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 5 772A5145 3 Bytes JMP 0028B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 9 772A5149 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 9 772A5149 3 Bytes [88, FF, E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenKey + 5 772A5175 3 Bytes JMP 0028B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenKey + 9 772A5179 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenKeyEx + 5 772A5185 3 Bytes JMP 0028BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenKeyEx + 9 772A5189 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A6F0C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A6F9D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A715B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtRenameKey + 5 772A5835 3 Bytes JMP 0028BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtRenameKey + 9 772A5839 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 5 772A5AA5 3 Bytes JMP 0028BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 9 772A5AA9 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 9 772A5AA9 3 Bytes [88, FF, E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetValueKey + 5 772A5C75 3 Bytes JMP 0028BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetValueKey + 9 772A5C79 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtTerminateProcess + 5 772A5D35 3 Bytes JMP 0028BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtTerminateProcess + 9 772A5D39 1 Byte [88] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 1D, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0038B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0038B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0038B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0038B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0038BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0038B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0038B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0038B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0038B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0038BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0038BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0038BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0038BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[3880] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0038BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0034B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0034B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0034B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0034B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0034BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0034B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0034B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0034B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0034B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0034BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0034BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0034BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0034BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\IDT\WDM\sttray.exe[3908] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0034BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\rcHost.exe[4120] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 001FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 001FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 001FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 001FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 001FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 001FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 001FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 001FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 001FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 001FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 001FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 001FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 001FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\amswmagt.exe[4224] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 001FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0031B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0031B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0031B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0031B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0031BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0031B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0031B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0031B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0031B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0031BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0031BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0031BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0031BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\CA\DSM\Bin\cfftplugin.exe[4348] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0031BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0059B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0059B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0059B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0059B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0059BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0059B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0059B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0059B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0059B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0059BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 39, 00] {TEST AL, 0x1; CMP [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A8B0C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 39, 00] {TEST AL, 0x2; CMP [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 39, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 39, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A8B9D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 39, 00] {TEST AL, 0x0; CMP [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A8D5B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0059BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0059BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 39, 00] {SUB [EDX], AL; CMP [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0059BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0059BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 39, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4428] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 004FB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 004FB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 004FB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 004FB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 004FBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 004FB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 004FB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 004FB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 004FB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 004FBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A830C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 31, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 31, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A839D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A855B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 004FBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 004FBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 004FBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 004FBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 31, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4564] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0047B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0047B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0047B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0047B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0047BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0047B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0047B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0047B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0047B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0047BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A7A0C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 28, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 28, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A7A9D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A7C5B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0047BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0047BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0047BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0047BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 28, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 005CB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 005CB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 005CB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 005CB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 005CBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 005CB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 005CB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 005CB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 005CB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 005CBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A870C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A879D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A895B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 005CBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 005CBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 005CBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 005CBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 35, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\taskeng.exe[5252] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0024B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0024B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0024B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0024B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0024BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0024B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0024B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0024B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0024B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0024BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0024BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0024BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0024BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5576] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0024BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 004CB840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateFile + B 772A4A3B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 004CB87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 004CB8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 004CB8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 004CBA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 004CB928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 004CB962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtMapViewOfSection + B 772A509B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 004CB99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenFile + B 772A514B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 004CB9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 004CBA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + 6 772A51F6 4 Bytes [A8, 01, 13, 00] {TEST AL, 0x1; ADC EAX, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcess + B 772A51FB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + 6 772A5206 4 Bytes CALL 762A650C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessToken + B 772A520B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + 6 772A5216 4 Bytes [A8, 02, 13, 00] {TEST AL, 0x2; ADC EAX, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenProcessTokenEx + B 772A521B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + 6 772A5276 4 Bytes [68, 01, 13, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThread + B 772A527B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + 6 772A5286 4 Bytes [68, 02, 13, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadToken + B 772A528B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + 6 772A5296 4 Bytes CALL 762A659D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtOpenThreadTokenEx + B 772A529B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + 6 772A53A6 4 Bytes [A8, 00, 13, 00] {TEST AL, 0x0; ADC EAX, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryAttributesFile + B 772A53AB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + 6 772A5456 4 Bytes CALL 762A675B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtQueryFullAttributesFile + B 772A545B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 004CBA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 004CBABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationFile + B 772A5AAB 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + 6 772A5B06 4 Bytes [28, 02, 13, 00] {SUB [EDX], AL; ADC EAX, [EAX]} .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetInformationThread + B 772A5B0B 1 Byte [E2] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 004CBAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 004CBB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 1 Byte [68] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + 6 772A5E26 4 Bytes [68, 03, 13, 00] .text C:\Users\lnowicki\AppData\Local\Google\Chrome\Application\chrome.exe[5792] ntdll.dll!NtUnmapViewOfSection + B 772A5E2B 1 Byte [E2] .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtCreateFile + 5 772A4A35 5 Bytes JMP 0010B840 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtCreateKey + 5 772A4A75 1 Byte [E9] .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtCreateKey + 5 772A4A75 5 Bytes JMP 0010B87A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtCreateUserProcess + 5 772A4BE5 5 Bytes JMP 0010B8B4 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtDeleteFile + 5 772A4C75 5 Bytes JMP 0010B8EE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtDeleteKey + 5 772A4C85 5 Bytes JMP 0010BA4A C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtDeleteValueKey + 5 772A4CB5 5 Bytes JMP 0010B928 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtMapViewOfSection + 5 772A5095 5 Bytes JMP 0010B962 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtOpenFile + 5 772A5145 5 Bytes JMP 0010B99C C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtOpenKey + 5 772A5175 5 Bytes JMP 0010B9D6 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtOpenKeyEx + 5 772A5185 5 Bytes JMP 0010BA10 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtRenameKey + 5 772A5835 5 Bytes JMP 0010BA84 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtSetInformationFile + 5 772A5AA5 5 Bytes JMP 0010BABE C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtSetValueKey + 5 772A5C75 5 Bytes JMP 0010BAF8 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) .text C:\Windows\system32\AUDIODG.EXE[6132] ntdll.dll!NtTerminateProcess + 5 772A5D35 5 Bytes JMP 0010BB32 C:\Windows\SYSTEM32\SYSFER.DLL (Symantec CMC Firewall sysfer/Symantec Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[808] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\mountmgr \Device\MountPointManager SysPlant.sys (Symantec CMC Firewall SysPlant/Symantec Corporation) Device \Driver\ACPI_HAL \Device\0000006a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a822d0657 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a822d0657 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 216 x 1219 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 216 x 1219 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 216 x 914 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 216 x 914 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 297 x 1219 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 297 x 1219 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 297 x 914 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPAN\Forms\Wstęga 297 x 914 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 216 x 1219 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 216 x 1219 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 216 x 914 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 216 x 914 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 297 x 1219 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 297 x 1219 mm@FormKeyword Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 297 x 914 mm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\BPCO\Forms\Wstęga 297 x 914 mm@FormKeyword ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior ---- EOF - GMER 1.0.15 ----