GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-25 00:19:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0004
Running: dkeqhoct.exe; Driver: C:\DOCUME~1\jaro\LOCALS~1\Temp\fwroypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x9DE3ACF0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E096AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DE7A96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DE7D5E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9E0A04C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9E0A3D6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x9DE3A782]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E088EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x9DE3A6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x9DE3A726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x9DE3ADA6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E0A91A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x9DE3AD66]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9E09A50]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DE7506]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9DE479D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9DE47B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP 9DE47B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP 9DE479D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP 9DE435D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP 9DE44FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\Drivers\OEM13Afx.sys entry point in "init" section [0x9E037310]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0x9D742400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x9D7E4420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0x9D7E4420]
.protect˙˙˙˙hardlockunknown last code section [0x9D7E4200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0x9D7E4200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateFile
7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteFile + 4 
7C90DF82 2 Bytes [90, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001 .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes 
[9B, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[344] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001 .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateKey 
+ 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\MemStat 
XP\MemStat.exe[368] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\MemStat XP\MemStat.exe[368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001 .text C:\Program Files\MemStat XP\MemStat.exe[368] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717C0F5A .text C:\Program Files\MemStat XP\MemStat.exe[368] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71830F5A .text C:\Program Files\MemStat XP\MemStat.exe[368] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\MemStat XP\MemStat.exe[368] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\MemStat XP\MemStat.exe[368] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71790F5A .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [36, 5D] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [4B, 5D] {DEC EBX; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [3F, 5D] {AAS ; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [57, 5D] {PUSH EDI; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [51, 5D] {PUSH ECX; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [4E, 5D] {DEC ESI; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [42, 5D] {INC EDX; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [54, 5D] {PUSH ESP; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [3C, 5D] {CMP AL, 0x5d} .text C:\Program 
Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [48, 5D] {DEC EAX; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [45, 5D] {INC EBP; POP EBP} .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [39, 5D] .text C:\Program Files\eLiska3\MSSQL10.ELISKACLIENT2008\MSSQL\Binn\sqlservr.exe[468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 40D40001 .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtDeleteKey + 
4 7C90D252 2 Bytes [A0, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[632] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\WINDOWS\System32\alg.exe[632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00890001 .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte 
[FF] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AC, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71] .text C:\Program Files\PC Tools Firewall 
Plus\FirewallGUI.exe[664] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001 .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71AE0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[664] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte 
[FF] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text 
C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\System32\WLTRYSVC.EXE[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CF0001 .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [82, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [97, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8B, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A3, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9D, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9A, 71] .text 
C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8E, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A0, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [88, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [94, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\bcmwltry.exe[696] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71] .text C:\WINDOWS\System32\bcmwltry.exe[696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01650001 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text 
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\Program 
Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01FA0001 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[760] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program 
Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] 
USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[892] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text 
C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\DRIVERS\o2flash.exe[904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A70001 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text 
C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text 
C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001 .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 71790F5A .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71800F5A .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7B, 71] {JNP 0x73} .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[928] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71760F5A .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [82, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [97, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8B, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools 
Security\pctsSvc.exe[1020] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A3, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9D, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9A, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8E, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A0, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [88, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [94, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71] .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] 
kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06140001 .text C:\Program Files\PC Tools Security\pctsSvc.exe[1020] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools) .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] 
ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71] .text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01260001 .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text 
c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text c:\drivers\audio\r211990\stacsv.exe[1276] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text c:\drivers\audio\r211990\stacsv.exe[1276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01210001 .text 
C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] 
ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00970001 .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtDeleteKey 7C90D24E 3 
Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\Program Files\Common 
Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001 .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] 
.text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[1468] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\csrss.exe[1468] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01720001 .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text 
C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\winlogon.exe[1492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001 .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtClose 7C90CFEE 3 
Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 
71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\services.exe[1536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016A0001 .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73} .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71] .text 
C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1548] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71] .text C:\WINDOWS\system32\lsass.exe[1548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001 .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common 
Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] 
ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe[1612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001 .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text 
C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001 .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text 
C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text 
C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001 .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71] .text 
C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71] .text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02D90001 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] 
ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\Program 
Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001 .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\svchost.exe[2020] 
ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2020] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001 .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program 
Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text 
C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\DellTPad\HidFind.exe[2124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001 .text C:\Program Files\DellTPad\HidFind.exe[2124] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\DellTPad\HidFind.exe[2124] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\DellTPad\HidFind.exe[2124] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\HidFind.exe[2124] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\DellTPad\HidFind.exe[2124] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\PC Tools Security\pctsGui.exe[2180] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BB95 C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] 
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE[2212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001 .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program 
Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection 
Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71] .text C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe[2388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01540001 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 
Bytes [9B, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001 .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text 
C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\svchost.exe[2448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001 .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 
71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text 
C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\DellTPad\Apntex.exe[2684] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001 .text C:\Program Files\DellTPad\Apntex.exe[2684] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\DellTPad\Apntex.exe[2684] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\DellTPad\Apntex.exe[2684] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apntex.exe[2684] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\DellTPad\Apntex.exe[2684] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] 
ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\ctfmon.exe[2724] 
kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001 .text C:\WINDOWS\system32\ctfmon.exe[2724] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2724] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\ctfmon.exe[2724] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2724] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\ctfmon.exe[2724] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] 
ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001 .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] 
ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 
Bytes [A5, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01370001 .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe[2812] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtClose 7C90CFEE 3 Bytes 
[FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] 
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001 .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 71790F5A .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71800F5A .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2832] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71760F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[2932] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes 
[FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717A0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71810F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7C, 71] {JL 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2932] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71770F5A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtClose 
7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text 
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3004] USER32.dll!ChangeDisplaySettingsExW 
7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 
25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3016] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\Explorer.EXE[3016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001 .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtRenameKey + 4 
7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 029C0001 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] 
ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001 .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\DellTPad\Apoint.exe[3612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001 .text C:\Program Files\DellTPad\Apoint.exe[3612] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\DellTPad\Apoint.exe[3612] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\DellTPad\Apoint.exe[3612] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\Apoint.exe[3612] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\DellTPad\Apoint.exe[3612] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtClose + 4 7C90CFF2 2 
Bytes [86, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program 
Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\IDT\WDM\sttray.exe[3620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001 .text C:\Program Files\IDT\WDM\sttray.exe[3620] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\IDT\WDM\sttray.exe[3620] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\IDT\WDM\sttray.exe[3620] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\IDT\WDM\sttray.exe[3620] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\IDT\WDM\sttray.exe[3620] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] 
ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text 
C:\WINDOWS\system32\AESTFltr.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001 .text C:\WINDOWS\system32\AESTFltr.exe[3628] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\AESTFltr.exe[3628] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\AESTFltr.exe[3628] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\AESTFltr.exe[3628] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\AESTFltr.exe[3628] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 
1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\igfxtray.exe[3636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01890001 .text C:\WINDOWS\system32\igfxtray.exe[3636] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\igfxtray.exe[3636] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\igfxtray.exe[3636] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxtray.exe[3636] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\igfxtray.exe[3636] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text 
C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes 
[8C, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\hkcmd.exe[3652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012C0001 .text C:\WINDOWS\system32\hkcmd.exe[3652] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\hkcmd.exe[3652] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\hkcmd.exe[3652] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3652] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\hkcmd.exe[3652] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] 
.text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\igfxpers.exe[3688] kernel32.dll!LoadLibraryExW + 
C4 7C801BB9 4 Bytes CALL 01340001 .text C:\WINDOWS\system32\igfxpers.exe[3688] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\igfxpers.exe[3688] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\igfxpers.exe[3688] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3688] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\igfxpers.exe[3688] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] 
.text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001 .text 
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe[3744] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 
1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01620001 .text C:\WINDOWS\system32\igfxsrvc.exe[3772] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\WINDOWS\system32\igfxsrvc.exe[3772] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\WINDOWS\system32\igfxsrvc.exe[3772] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[3772] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\system32\igfxsrvc.exe[3772] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text 
C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtTerminateProcess 
+ 4 7C90DE72 2 Bytes [89, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71] .text C:\WINDOWS\system32\WLTRAY.exe[3824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01270001 .text C:\WINDOWS\system32\WLTRAY.exe[3824] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717A0F5A .text C:\WINDOWS\system32\WLTRAY.exe[3824] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71810F5A .text C:\WINDOWS\system32\WLTRAY.exe[3824] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\WLTRAY.exe[3824] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7C, 71] {JL 0x73} .text C:\WINDOWS\system32\WLTRAY.exe[3824] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71770F5A .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD 
DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 
71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717C0F5A .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71830F5A .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3836] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71790F5A .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] 
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] 
ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A00001 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3844] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001 .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\USB Product Driver v2.16r002\shwicon.exe[3876] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateFile 7C90D0AE 1 
Byte [FF] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\BillP 
Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001 .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717C0F5A .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71830F5A .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3888] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71790F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71] .text C:\Program 
Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B20001 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717C0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71830F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71790F5A .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] 
ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] 
ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] 
ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71} .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] 
ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 717D0F5A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71840F5A .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4004] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 717A0F5A .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71] .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] 
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[4028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[4460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\Explorer.EXE[4460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [79, 71] {JNS 0x73}
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [8E, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [9E, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [82, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9A, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [94, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [91, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [85, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [97, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [7F, 71] {JG 0x73}
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8B, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [88, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [7C, 71] {JL 0x73}
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] USER32.dll!ChangeDisplaySettingsExA 7E37384E 6 Bytes JMP 71A50F5A
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] USER32.dll!SetForegroundWindow 7E3742ED 6 Bytes JMP 71AE0F5A
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] USER32.dll!SetWindowPos 7E3799F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] USER32.dll!SetWindowPos + 4 7E3799F7 2 Bytes [A7, 71]
.text C:\Documents and Settings\jaro\Dokumenty\Pobieranie\viri-logi-testy\dkeqhoct.exe[5764] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 6 Bytes JMP 71A20F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1536] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----