GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-15 10:10:14 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: 6lchqznx.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kxlorpow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 988 fffff801ce6d141c 1 byte [21] ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 7 bytes [48, B8, A4, 2A, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 7 bytes [48, B8, 18, 2C, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007fedda530e0 7 bytes [48, B8, 78, 13, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000007fedda530e8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 7 bytes [48, B8, 9C, 24, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 7 bytes [48, B8, 54, 29, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 7 bytes [48, B8, AC, 22, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 7 bytes [48, B8, 3C, 2B, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 7 bytes [48, B8, 0C, 24, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 7 bytes [48, B8, 68, 23, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 7 bytes [48, B8, 38, 75, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 6C, 97, 09, 00, 00, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 7 bytes [48, B8, C8, 1E, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 7 bytes [B8, 98, 9B, 6C, 97, 09, 00] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 10 000007fedc62a70a 6 bytes [50, C3, 90, 90, 90, 90] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 13 bytes [B8, 94, 1D, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 7 bytes [48, B8, 74, 78, 6C, 97, 09] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 13 bytes [B8, 60, 1C, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 6C, 97, 09, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\csrss.exe[712] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 6C, 97, 09, 00, ...] .text C:\WINDOWS\system32\atiesrxx.exe[648] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fedbe3177a 4 bytes [E3, DB, FE, 07] .text C:\WINDOWS\system32\atiesrxx.exe[648] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fedbe31782 4 bytes [E3, DB, FE, 07] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 7 bytes [48, B8, A4, 2A, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 7 bytes [48, B8, 18, 2C, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 7 bytes [48, B8, 9C, 24, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 7 bytes [48, B8, 54, 29, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 7 bytes [48, B8, AC, 22, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 7 bytes [48, B8, 3C, 2B, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 7 bytes [48, B8, 0C, 24, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 7 bytes [48, B8, 68, 23, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 7 bytes [48, B8, 38, 75, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, F1, 6C, B0, 00, 00, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 7 bytes [48, B8, C8, 1E, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 7 bytes [B8, 98, 9B, F1, 6C, B0, 00] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 10 000007fedc62a70a 6 bytes [50, C3, 90, 90, 90, 90] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 13 bytes [B8, 94, 1D, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 7 bytes [48, B8, 74, 78, F1, 6C, B0] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 13 bytes [B8, 60, 1C, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, F1, 6C, B0, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\csrss.exe[6032] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, F1, 6C, B0, 00, ...] .text C:\WINDOWS\system32\atieclxx.exe[2388] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fedbe3177a 4 bytes [E3, DB, FE, 07] .text C:\WINDOWS\system32\atieclxx.exe[2388] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fedbe31782 4 bytes [E3, DB, FE, 07] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 7 bytes [48, B8, A4, 2A, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 7 bytes [48, B8, 18, 2C, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 7 bytes [48, B8, 9C, 24, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 7 bytes [48, B8, 54, 29, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 7 bytes [48, B8, AC, 22, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 15 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 7 bytes [48, B8, 3C, 2B, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 7 bytes [48, B8, 0C, 24, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 7 bytes [48, B8, 68, 23, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 11 bytes [B8, 08, 14, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetRawInputData 000007fedc623b90 7 bytes [48, B8, 38, 75, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 16, EF, D1, 00, 00, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendInput 000007fedc62a5c0 7 bytes [48, B8, C8, 1E, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageW + 1 000007fedc62a701 7 bytes [B8, 98, 9B, 16, EF, D1, 00] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageW + 10 000007fedc62a70a 6 bytes [50, C3, 90, 90, 90, 90] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fedc62c5b1 13 bytes [B8, 94, 1D, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetKeyboardState 000007fedc62dd40 7 bytes [48, B8, 74, 78, 16, EF, D1] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fedc636261 13 bytes [B8, 60, 1C, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\SYSTEM32\user32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 16, EF, D1, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 16, EF, D1, 00, ...] .text C:\WINDOWS\system32\taskhostex.exe[3952] C:\WINDOWS\system32\WINMM.dll!waveInOpen + 1 000007fed2633bd1 11 bytes [B8, D8, 90, 16, EF, D1, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 72, 00, 00, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 72, 00] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 72] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 72, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\samcli.dll!NetUserChangePassword 000007feda8961f0 19 bytes [48, B8, 7C, 27, 72, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\samcli.dll!NetUserSetInfo + 1 000007feda897755 1 byte [B8] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\samcli.dll!NetUserSetInfo + 3 000007feda897757 12 bytes [26, 72, 00, 00, 00, 00, 00, ...] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\WINDOWS\Explorer.EXE[3524] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 6 bytes [48, B8, A4, 2A, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 6 bytes [48, B8, 18, 2C, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 6 bytes [48, B8, 9C, 24, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 6 bytes [48, B8, 54, 29, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 6 bytes [48, B8, AC, 22, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 14 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 14 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 6 bytes [48, B8, 3C, 2B, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 6 bytes [48, B8, 0C, 24, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 5 bytes [48, B8, 68, 23, 11] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 11, 01, 00, 00, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 5 bytes [B8, 94, 1D, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 5 bytes [B8, 60, 1C, 11, 01] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 11, 01, 00, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\SAMCLI.DLL!NetUserChangePassword 000007feda8961f0 19 bytes [48, B8, 7C, 27, 11, 01, 00, ...] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\SAMCLI.DLL!NetUserSetInfo + 1 000007feda897755 1 byte [B8] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4632] C:\WINDOWS\SYSTEM32\SAMCLI.DLL!NetUserSetInfo + 3 000007feda897757 12 bytes [26, 11, 01, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, F2, 00, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, F2, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, F2] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, F2, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, F2, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fed4291b32 4 bytes [29, D4, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3644] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fed4291b3a 4 bytes [29, D4, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, AA, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, AA, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, AA] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, AA, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, AA, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[5884] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, AA, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 0F, 00, 00, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 0F] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\WINMM.dll!waveInOpen + 1 000007fed2633bd1 11 bytes [B8, D8, 90, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[2480] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 0F, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 34, 00, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 34, 00] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 34] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 34, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 34, 00, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[6556] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 34, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, FC, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, FC, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, FC] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, FC, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3272] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, FC, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 45, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 45, 00] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 45] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 45, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 45, 00, 00, 00, ...] .text C:\Program Files\Elantech\ETDIntelligent.exe[492] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 45, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\KERNEL32.DLL!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 17, 00, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fed8951532 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fed895153a 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fed895165a 4 bytes [95, D8, FE, 07] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3068] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 000007fedda52cd0 5 bytes [48, B8, A4, 2A, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose + 8 000007fedda52cd8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 5 bytes [48, B8, 18, 2C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fedda52e68 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 000007fedda53130 5 bytes [48, B8, 9C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fedda53138 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000007fedda53331 5 bytes [48, B8, 54, 29, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000007fedda53339 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000007fedda53351 5 bytes [48, B8, AC, 22, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000007fedda53359 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcConnectPortEx + 8 000007fedda53369 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000007fedda53379 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fedda53471 5 bytes [48, B8, 3C, 2B, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000007fedda53479 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort 000007fedda53561 5 bytes [48, B8, 0C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtConnectPort + 8 000007fedda53569 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort 000007fedda54201 6 bytes [48, B8, 68, 23, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000007fedda54209 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fedda64a10 13 bytes [48, B8, 00, 75, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll + 1 000007fedda831c5 14 bytes [B8, 10, 74, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\KERNEL32.dll!VirtualProtect + 1 000007fedb512ce1 5 bytes [B8, 08, 14, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\KERNEL32.dll!VirtualProtect + 7 000007fedb512ce7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\KERNEL32.dll!VirtualProtectEx + 1 000007fedb5d4669 13 bytes [B8, 84, 14, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 000007fedc6210c1 14 bytes [B8, 00, 11, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!DispatchMessageW + 689 000007fedc6217d1 14 bytes [B8, 4C, 80, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CallNextHookEx + 1 000007fedc621881 14 bytes [B8, 38, 7B, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetMessageW 000007fedc621ed0 12 bytes [48, B8, 58, 10, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PostMessageW + 1 000007fedc6224a1 14 bytes [B8, 10, A1, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW 000007fedc622d40 18 bytes [48, B8, 04, 9D, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState + 1 000007fedc623a71 18 bytes [B8, 74, 76, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetRawInputData 000007fedc623b90 6 bytes [48, B8, 38, 75, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetRawInputData + 8 000007fedc623b98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageW + 1 000007fedc624761 13 bytes [B8, 50, 9A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 000007fedc625571 14 bytes [B8, A8, 10, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetMessageA 000007fedc625720 12 bytes [48, B8, 08, 10, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 1 000007fedc628b11 1 byte [B8] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowLongW + 3 000007fedc628b13 12 bytes [21, 17, 00, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendInput 000007fedc62a5c0 6 bytes [48, B8, C8, 1E, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendInput + 8 000007fedc62a5c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 000007fedc62a701 5 bytes [B8, 98, 9B, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 7 000007fedc62a707 1 byte [00] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007fedc62bee0 12 bytes [48, B8, F8, 11, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 1 000007fedc62c5b1 4 bytes [B8, 94, 1D, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 7 000007fedc62c5b7 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!RegisterClassW + 177 000007fedc62d2f1 17 bytes [B8, 70, 81, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 000007fedc62dd40 6 bytes [48, B8, 74, 78, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetKeyboardState + 8 000007fedc62dd48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetKeyState 000007fedc62dd90 15 bytes [48, B8, 74, 77, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007fedc632f70 18 bytes [48, B8, 98, 12, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW + 1 000007fedc634be1 11 bytes [B8, D4, 9F, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 1 000007fedc634e91 8 bytes [B8, 84, 9E, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 10 000007fedc634e9a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PostMessageA + 1 000007fedc635061 14 bytes [B8, 6C, A0, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CharPrevA + 33 000007fedc6359c1 11 bytes [B8, 88, 7C, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CharPrevA + 145 000007fedc635a31 11 bytes [B8, C4, AB, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 1 000007fedc636261 4 bytes [B8, 60, 1C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 7 000007fedc636267 7 bytes [00, 00, 00, 50, C3, 90, 90] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA + 1 000007fedc636ce1 14 bytes [B8, 3C, 9F, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 1 000007fedc63f101 8 bytes [B8, 3C, 9C, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA + 10 000007fedc63f10a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 000007fedc643271 8 bytes [B8, F4, 9A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 10 000007fedc64327a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetClipboardData 000007fedc64ce70 12 bytes [48, B8, 74, 1F, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageA + 1 000007fedc64f291 14 bytes [B8, AC, 99, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 000007fedc651851 8 bytes [B8, 58, 11, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 000007fedc65185a 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!EndTask + 1 000007fedc671021 17 bytes [B8, 34, 22, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!GetRawInputBuffer + 1 000007fedc682d91 12 bytes [B8, 0C, 76, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!keybd_event 000007fedc690b28 17 bytes [48, B8, 74, 1B, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 000007fedc698c00 15 bytes [48, B8, CC, 9D, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!BitBlt 000007fedb192a50 13 bytes [48, B8, 1C, 15, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!GdiAlphaBlend 000007fedb1a11e0 16 bytes [48, B8, EC, 18, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!MaskBlt + 1 000007fedb1a4ee5 14 bytes [B8, 00, 16, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!StretchBlt + 1 000007fedb1bb081 14 bytes [B8, 78, 1A, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!GetPixel + 1 000007fedb1bb345 14 bytes [B8, E8, 19, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!GdiTransparentBlt + 1 000007fedb1bdd39 14 bytes [B8, F0, 17, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\GDI32.dll!PlgBlt + 1 000007fedb1cff41 14 bytes [B8, 08, 17, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 000007fedae62100 16 bytes [48, B8, E4, 93, 17, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx + 1 000007fedae76671 14 bytes [B8, 74, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\SYSTEM32\combase.dll!CoGetClassObject + 1 000007fedae8ce5d 14 bytes [B8, E4, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4284] C:\WINDOWS\system32\MSCTF.dll!TF_Notify + 1 000007fedb3f1381 12 bytes [B8, 00, AC, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 04, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 04, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 04, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 04, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 04, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 04, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[5752] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 89, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 89, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 89, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 89, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 89, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 89, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[6536] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\USB Camera\VM331STI.EXE[4716] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe[4452] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, BE, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, BE, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, BE, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, BE, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, BE, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, BE, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3032] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, EC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, EC, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, EC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, EC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, EC, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, EC, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[4488] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 6D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 6D, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 6D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 6D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 6D, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 6D, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[5044] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 5E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 5E, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 5E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 5E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 5E, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 5E, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4164] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, C9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, C9, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, C9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, C9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, C9, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, C9, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3020] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 8A, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 8A, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 8A, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 8A, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 8A, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 8A, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3816] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 9D, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 9D, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 9D, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[4464] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 4C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 4C, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 4C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 4C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 4C, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 4C, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2136] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, 05, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, 05, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, 05, FF, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3648] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, BD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, BD, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, BD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, BD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, BD, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, BD, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[1288] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, FF, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, FF, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, FF, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, FF, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, FF, FE, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, FF, FE, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2856] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007fedda5104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 136 000007fedda51118 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 152 000007fedda51128 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!_local_unwind + 36 000007fedda51174 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!strcat + 146 000007fedda51302 8 bytes [10, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 183 000007fedda513d7 8 bytes [00, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!strcpy + 199 000007fedda513e7 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 000007fedda52cb0 8 bytes {JMP QWORD [RIP-0x1b42]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007fedda52e30 8 bytes {JMP QWORD [RIP-0x1b34]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fedda52e60 8 bytes {JMP QWORD [RIP-0x1d4e]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fedda52f80 8 bytes {JMP QWORD [RIP-0x1e4e]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fedda53030 8 bytes {JMP QWORD [RIP-0x1f0e]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fedda536f1 8 bytes {JMP QWORD [RIP-0x2300]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 000007fedda539d1 8 bytes {JMP QWORD [RIP-0x25f0]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007fedda54251 8 bytes {JMP QWORD [RIP-0x2e80]} .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 616 00000000772c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000772c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 140 00000000772c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000772c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000772c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Adam\AppData\Local\Temp\scoped_dir3032_10319\6lchqznx.exe[2508] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000772c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\System32\drivers\kbdclass.sys[ntoskrnl.exe!IofCompleteRequest] [fffff8800666be1c] \??\C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [.text] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\System32\svchost.exe [1248:2684] 000007fed37d1d44 Thread C:\WINDOWS\System32\svchost.exe [1248:2692] 000007fed37d22c4 Thread C:\WINDOWS\System32\svchost.exe [1248:3300] 000007fed37d25b4 Thread C:\WINDOWS\system32\csrss.exe [6032:4276] fffff960008bd5e8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 2033261533 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a4db3084d259 Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@CheckVersion 565 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----