GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-13 17:55:15 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD103UJ rev.1AA01113 Running: 220qkyhz.exe; Driver: C:\DOCUME~1\Amadeusz\USTAWI~1\Temp\agtcifow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E4E3C0, 0x9B091A, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\RTHDCPL.EXE[124] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 030652A1; RET .text C:\WINDOWS\RTHDCPL.EXE[124] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 06, 03, C3] {JL 0x56; PUSH ES; ADD EAX, EBX} .text C:\WINDOWS\RTHDCPL.EXE[124] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 030656E5; RET .text C:\WINDOWS\RTHDCPL.EXE[124] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 030656A4; RET .text C:\WINDOWS\RTHDCPL.EXE[124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 03065762; RET .text C:\WINDOWS\RTHDCPL.EXE[124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0306574B; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 03070B69; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 03070AEB; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 030625E6; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 03070B2A; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 03074A06; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 03074A56; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 03074967; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0306A84E; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4139B62C .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 0306A4DC; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 0306A52C; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0306A5D6; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 03074A2E; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0306A93A; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0306A54A; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 030709E0; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 03070A50; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 03074839; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 03074807; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0306A780; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 03074A81; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 03070BA9; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0306A7C9; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0306A590; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 030748BD; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 03074917; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 03070A90; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0306A89B; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 03070C3C; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0306A662; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0306A6F4; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0306275C; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0306A61C; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0306A6AB; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0306A73A; RET .text C:\WINDOWS\RTHDCPL.EXE[124] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 03074880; RET .text C:\WINDOWS\RTHDCPL.EXE[124] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 030607A7; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 03062883; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 03062C72; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WS2_32.dll!send 71A54C27 6 Bytes PUSH 03062CAA; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 03062813; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 03062CCB; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0305FEB3; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0305FFE6; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0305FE46; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0305FFBA; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0305FB8E; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0305FBCC; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0305FB50; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0305FC21; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0305FEE1; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0305FF60; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0305FD13; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0305FC76; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0305FDB0; RET .text C:\WINDOWS\RTHDCPL.EXE[124] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0305FDFB; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, D5] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, D5] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00D556E5; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00D556A4; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00D60B69; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00D525E6; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00D64A06; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00D64A56; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00D64967; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00D5A84E; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137852C .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, D5] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, D5] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00D5A5D6; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00D64A2E; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00D5A93A; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00D5A54A; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00D64839; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00D64807; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00D5A780; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00D64A81; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00D60BA9; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00D5A7C9; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00D5A590; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00D64917; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, D6] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00D5A89B; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00D60C3C; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00D5A662; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00D5A6F4; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00D5275C; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00D5A61C; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00D5A6AB; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00D5A73A; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00D64880; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00D55762; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00D5574B; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00D52883; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00D52C72; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00D52CAA; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00D52813; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00D52CCB; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00D507A7; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00D4FEB3; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00D4FFE6; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00D4FE46; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00D4FFBA; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00D4FB8E; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00D4FBCC; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00D4FB50; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00D4FC21; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00D4FEE1; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00D4FF60; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00D4FD13; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00D4FC76; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00D4FDB0; RET .text C:\Program Files\Razer\Lachesis\razerhid.exe[136] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00D4FDFB; RET .text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, B0] .text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, B0] .text C:\WINDOWS\system32\ctfmon.exe[392] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B056E5; RET .text C:\WINDOWS\system32\ctfmon.exe[392] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B056A4; RET .text C:\WINDOWS\system32\ctfmon.exe[392] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00B05762; RET .text C:\WINDOWS\system32\ctfmon.exe[392] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00B0574B; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00B10B69; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00B025E6; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00B14A06; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00B14A56; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00B14967; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00B0A84E; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137602C .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, B0] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, B0] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00B0A5D6; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00B14A2E; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00B0A93A; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00B0A54A; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00B14839; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00B14807; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00B0A780; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00B14A81; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00B10BA9; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00B0A7C9; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00B0A590; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00B14917; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, B1] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00B0A89B; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00B10C3C; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00B0A662; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00B0A6F4; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00B0275C; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00B0A61C; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00B0A6AB; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00B0A73A; RET .text C:\WINDOWS\system32\ctfmon.exe[392] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00B14880; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00B02883; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00B02C72; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00B02CAA; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00B02813; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00B02CCB; RET .text C:\WINDOWS\system32\ctfmon.exe[392] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00B007A7; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00AFFEB3; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00AFFFE6; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00AFFE46; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00AFFFBA; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00AFFB8E; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00AFFBCC; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00AFFB50; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00AFFC21; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00AFFEE1; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00AFFF60; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00AFFD13; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00AFFC76; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00AFFDB0; RET .text C:\WINDOWS\system32\ctfmon.exe[392] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00AFFDFB; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 014852A1; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 48, 01, C3] {JL 0x56; DEC EAX; ADD EBX, EAX} .text C:\WINDOWS\system32\RunDLL32.exe[428] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 014856E5; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 014856A4; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01490B69; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01490AEB; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 014825E6; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01490B2A; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01494A06; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01494A56; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01494967; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0148A84E; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137F82C .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 0148A4DC; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 0148A52C; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0148A5D6; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01494A2E; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0148A93A; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0148A54A; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 014909E0; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01490A50; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01494839; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01494807; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0148A780; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01494A81; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01490BA9; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0148A7C9; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0148A590; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 014948BD; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01494917; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01490A90; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0148A89B; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01490C3C; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0148A662; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0148A6F4; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0148275C; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0148A61C; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0148A6AB; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0148A73A; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01494880; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01485762; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0148574B; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01482883; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 01482C72; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WS2_32.dll!send 71A54C27 6 Bytes PUSH 01482CAA; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 01482813; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 01482CCB; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 014807A7; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0147FEB3; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0147FFE6; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0147FE46; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0147FFBA; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0147FB8E; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0147FBCC; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0147FB50; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0147FC21; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0147FEE1; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0147FF60; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0147FD13; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0147FC76; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0147FDB0; RET .text C:\WINDOWS\system32\RunDLL32.exe[428] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0147FDFB; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 017852A1; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 78, 01, C3] {JL 0x56; JS 0x5; RET } .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 017856E5; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 017856A4; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01785762; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0178574B; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01790B69; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01790AEB; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 017825E6; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01790B2A; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01794A06; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01794A56; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01794967; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0178A84E; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4138282C .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 0178A4DC; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 0178A52C; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0178A5D6; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01794A2E; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0178A93A; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0178A54A; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 017909E0; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01790A50; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01794839; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01794807; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0178A780; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01794A81; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01790BA9; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0178A7C9; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0178A590; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 017948BD; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01794917; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01790A90; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0178A89B; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01790C3C; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0178A662; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0178A6F4; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0178275C; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0178A61C; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0178A6AB; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0178A73A; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01794880; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0177FEB3; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0177FFE6; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0177FE46; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0177FFBA; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0177FB8E; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0177FBCC; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0177FB50; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0177FC21; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0177FEE1; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0177FF60; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0177FD13; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0177FC76; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0177FDB0; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] wininet.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0177FDFB; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01782883; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 01782C72; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] WS2_32.dll!send 71A54C27 6 Bytes PUSH 01782CAA; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 01782813; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 01782CCB; RET .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[520] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 017807A7; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, AD] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, AD] {JL 0x56; LODSD } .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00AD56E5; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00AD56A4; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00AE0B69; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00AD25E6; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00AE4A06; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00AE4A56; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00AE4967; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00ADA84E; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 41375D2C .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, AD] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, AD] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00ADA5D6; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00AE4A2E; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00ADA93A; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00ADA54A; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00AE4839; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00AE4807; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00ADA780; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00AE4A81; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00AE0BA9; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00ADA7C9; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00ADA590; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00AE4917; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, AE] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00ADA89B; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00AE0C3C; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00ADA662; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00ADA6F4; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00AD275C; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00ADA61C; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00ADA6AB; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00ADA73A; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00AE4880; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00AD5762; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00AD574B; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00AD2883; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00AD2C72; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00AD2CAA; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00AD2813; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00AD2CCB; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00AD07A7; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00ACFEB3; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00ACFFE6; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00ACFE46; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00ACFFBA; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00ACFB8E; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00ACFBCC; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00ACFB50; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00ACFC21; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00ACFEE1; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00ACFF60; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00ACFD13; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00ACFC76; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00ACFDB0; RET .text C:\Program Files\Razer\Lachesis\OSD.exe[524] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00ACFDFB; RET .text C:\WINDOWS\system32\rundll32.exe[540] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, FD] .text C:\WINDOWS\system32\rundll32.exe[540] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, FD] {JL 0x56; STD } .text C:\WINDOWS\system32\rundll32.exe[540] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00FD56E5; RET .text C:\WINDOWS\system32\rundll32.exe[540] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00FD56A4; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00FE0B69; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00FD25E6; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00FE4A06; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00FE4A56; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00FE4967; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00FDA84E; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137AD2C .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, FD] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, FD] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00FDA5D6; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00FE4A2E; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00FDA93A; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00FDA54A; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00FE4839; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00FE4807; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00FDA780; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00FE4A81; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00FE0BA9; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00FDA7C9; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00FDA590; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00FE4917; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, FE] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00FDA89B; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00FE0C3C; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00FDA662; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00FDA6F4; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00FD275C; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00FDA61C; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00FDA6AB; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00FDA73A; RET .text C:\WINDOWS\system32\rundll32.exe[540] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00FE4880; RET .text C:\WINDOWS\system32\rundll32.exe[540] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00FD5762; RET .text C:\WINDOWS\system32\rundll32.exe[540] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00FD574B; RET .text C:\WINDOWS\system32\rundll32.exe[540] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00FD2883; RET .text C:\WINDOWS\system32\rundll32.exe[540] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00FD2C72; RET .text C:\WINDOWS\system32\rundll32.exe[540] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00FD2CAA; RET .text C:\WINDOWS\system32\rundll32.exe[540] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00FD2813; RET .text C:\WINDOWS\system32\rundll32.exe[540] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00FD2CCB; RET .text C:\WINDOWS\system32\rundll32.exe[540] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00FD07A7; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00FCFEB3; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00FCFFE6; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00FCFE46; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00FCFFBA; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00FCFB8E; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00FCFBCC; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00FCFB50; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00FCFC21; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00FCFEE1; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00FCFF60; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00FCFD13; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00FCFC76; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00FCFDB0; RET .text C:\WINDOWS\system32\rundll32.exe[540] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00FCFDFB; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 013B52A1; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, 3B, 01, C3] {JL 0x56; CMP EAX, [ECX]; RET } .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 013B56E5; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 013B56A4; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 013B5762; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 013B574B; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 013C0B69; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 013C0AEB; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 013B25E6; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 013C0B2A; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 013C4A06; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 013C4A56; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetCapture 7E3694DA 3 Bytes [68, 67, 49] .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetCapture + 4 7E3694DE 2 Bytes [01, C3] {ADD EBX, EAX} .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 013BA84E; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137EB2C .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 013BA4DC; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 013BA52C; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 013BA5D6; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 013C4A2E; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 013BA93A; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 013BA54A; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 013C09E0; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 013C0A50; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 013C4839; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 013C4807; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 013BA780; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 013C4A81; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 013C0BA9; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 013BA7C9; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 013BA590; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 013C48BD; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 013C4917; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 013C0A90; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 013BA89B; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 013C0C3C; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 013BA662; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 013BA6F4; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 013B275C; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 013BA61C; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 013BA6AB; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 013BA73A; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 013C4880; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 013B2883; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 013B2C72; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WS2_32.dll!send 71A54C27 6 Bytes PUSH 013B2CAA; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 013B2813; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 013B2CCB; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 013B07A7; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 013AFEB3; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 013AFFE6; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 013AFE46; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 013AFFBA; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 013AFB8E; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 013AFBCC; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 013AFB50; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 013AFC21; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 013AFEE1; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 013AFF60; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 013AFD13; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 013AFC76; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 013AFDB0; RET .text C:\Documents and Settings\Amadeusz\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe[572] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 013AFDFB; RET .text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01FD52A1; RET .text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrLoadDll + 1 7C91632E 5 Bytes [7C, 54, FD, 01, C3] {JL 0x56; STD ; ADD EBX, EAX} .text C:\WINDOWS\Explorer.EXE[1676] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 01FD56E5; RET .text C:\WINDOWS\Explorer.EXE[1676] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 01FD56A4; RET .text C:\WINDOWS\Explorer.EXE[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 01FD5762; RET .text C:\WINDOWS\Explorer.EXE[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 01FD574B; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01FE0B69; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01FE0AEB; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 01FD25E6; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01FE0B2A; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01FE4A06; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01FE4A56; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01FE4967; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01FDA84E; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4138AD2C .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!OpenInputDesktop 7E36ECA3 6 Bytes PUSH 01FDA4DC; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!SwitchDesktop 7E36FE6E 6 Bytes PUSH 01FDA52C; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 01FDA5D6; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 01FE4A2E; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 01FDA93A; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 01FDA54A; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!BeginPaint 7E378FE9 6 Bytes PUSH 01FE09E0; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!EndPaint 7E378FFD 6 Bytes PUSH 01FE0A50; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 01FE4839; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 01FE4807; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 01FDA780; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 01FE4A81; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 01FE0BA9; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 01FDA7C9; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 01FDA590; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!SetCapture 7E37C35E 6 Bytes PUSH 01FE48BD; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 01FE4917; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetDCEx 7E37C595 6 Bytes PUSH 01FE0A90; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 01FDA89B; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 01FE0C3C; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 01FDA662; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 01FDA6F4; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 01FD275C; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 01FDA61C; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 01FDA6AB; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 01FDA73A; RET .text C:\WINDOWS\Explorer.EXE[1676] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 01FE4880; RET .text C:\WINDOWS\Explorer.EXE[1676] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 01FD07A7; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 01FCFEB3; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 01FCFFE6; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 01FCFE46; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 01FCFFBA; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 01FCFB8E; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 01FCFBCC; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 01FCFB50; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 01FCFC21; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 01FCFEE1; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 01FCFF60; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 01FCFD13; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 01FCFC76; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 01FCFDB0; RET .text C:\WINDOWS\Explorer.EXE[1676] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 01FCFDFB; RET .text C:\WINDOWS\Explorer.EXE[1676] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01FD2883; RET .text C:\WINDOWS\Explorer.EXE[1676] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 01FD2C72; RET .text C:\WINDOWS\Explorer.EXE[1676] WS2_32.dll!send 71A54C27 6 Bytes PUSH 01FD2CAA; RET .text C:\WINDOWS\Explorer.EXE[1676] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 01FD2813; RET .text C:\WINDOWS\Explorer.EXE[1676] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 01FD2CCB; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 14] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, 14] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001456E5; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001456A4; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00150B69; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001425E6; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00154A06; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00154A56; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00154967; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0014A84E; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C42C .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 14] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 14] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0014A5D6; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00154A2E; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0014A93A; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0014A54A; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00154839; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00154807; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0014A780; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00154A81; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00150BA9; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0014A7C9; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014A590; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00154917; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 15] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0014A89B; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00150C3C; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0014A662; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0014A6F4; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014275C; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0014A61C; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0014A6AB; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0014A73A; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00154880; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00145762; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014574B; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00142883; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00142C72; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00142CAA; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00142813; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00142CCB; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001407A7; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0013FEB3; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0013FFE6; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0013FE46; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0013FFBA; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0013FB8E; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0013FBCC; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0013FB50; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0013FC21; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0013FEE1; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0013FF60; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0013FD13; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0013FC76; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0013FDB0; RET .text C:\Documents and Settings\Amadeusz\Pulpit\220qkyhz.exe[2344] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0013FDFB; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, BB] .text C:\WINDOWS\system32\wscntfy.exe[2440] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, BB] .text C:\WINDOWS\system32\wscntfy.exe[2440] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00BB56E5; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00BB56A4; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00BC0B69; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00BB25E6; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00BC4A06; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00BC4A56; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00BC4967; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00BBA84E; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 41376B2C .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, BB] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, BB] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00BBA5D6; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00BC4A2E; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00BBA93A; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00BBA54A; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00BC4839; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00BC4807; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00BBA780; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00BC4A81; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00BC0BA9; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00BBA7C9; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00BBA590; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00BC4917; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, BC] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00BBA89B; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00BC0C3C; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00BBA662; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00BBA6F4; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00BB275C; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00BBA61C; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00BBA6AB; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00BBA73A; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00BC4880; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00BB5762; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00BB574B; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00BB2883; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00BB2C72; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00BB2CAA; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00BB2813; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00BB2CCB; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00BB07A7; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00BAFEB3; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00BAFFE6; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00BAFE46; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00BAFFBA; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00BAFB8E; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00BAFBCC; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00BAFB50; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00BAFC21; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00BAFEE1; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00BAFF60; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00BAFD13; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00BAFC76; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00BAFDB0; RET .text C:\WINDOWS\system32\wscntfy.exe[2440] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00BAFDFB; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 14] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, 14] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001456E5; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001456A4; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00150B69; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001425E6; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00154A06; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00154A56; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00154967; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0014A84E; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C42C .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 14] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 14] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0014A5D6; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00154A2E; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0014A93A; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0014A54A; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00154839; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00154807; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0014A780; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00154A81; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00150BA9; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0014A7C9; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014A590; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00154917; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 15] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0014A89B; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00150C3C; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0014A662; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0014A6F4; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014275C; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0014A61C; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0014A6AB; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0014A73A; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00154880; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00145762; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014574B; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00142883; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00142C72; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00142CAA; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00142813; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00142CCB; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001407A7; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0013FEB3; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0013FFE6; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0013FE46; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0013FFBA; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0013FB8E; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0013FBCC; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0013FB50; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0013FC21; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0013FEE1; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0013FF60; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0013FD13; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0013FC76; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0013FDB0; RET .text C:\Program Files\Razer\Lachesis\razertra.exe[2472] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0013FDFB; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 14] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, 14] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001456E5; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001456A4; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00150B69; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001425E6; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00154A06; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00154A56; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00154967; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0014A84E; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C42C .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 14] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 14] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0014A5D6; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00154A2E; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0014A93A; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0014A54A; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00154839; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00154807; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0014A780; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00154A81; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00150BA9; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0014A7C9; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014A590; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00154917; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 15] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0014A89B; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00150C3C; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0014A662; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0014A6F4; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014275C; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0014A61C; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0014A6AB; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0014A73A; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00154880; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00145762; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014574B; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00142883; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00142C72; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00142CAA; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00142813; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00142CCB; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001407A7; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0013FEB3; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0013FFE6; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0013FE46; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0013FFBA; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0013FB8E; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0013FBCC; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0013FB50; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0013FC21; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0013FEE1; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0013FF60; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0013FD13; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0013FC76; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0013FDB0; RET .text C:\Program Files\Razer\Lachesis\razerofa.exe[2676] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0013FDFB; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 14] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, 14] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001456E5; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001456A4; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00145762; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014574B; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00142883; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00142C72; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00142CAA; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00142813; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00142CCB; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00150B69; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001425E6; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00154A06; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00154A56; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00154967; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0014A84E; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C42C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 14] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 14] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0014A5D6; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00154A2E; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0014A93A; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0014A54A; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00154839; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00154807; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0014A780; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00154A81; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00150BA9; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0014A7C9; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014A590; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00154917; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 15] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0014A89B; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00150C3C; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0014A662; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0014A6F4; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014275C; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0014A61C; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0014A6AB; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0014A73A; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00154880; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001407A7; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0013FEB3; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0013FFE6; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0013FE46; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0013FFBA; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0013FB8E; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0013FBCC; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0013FB50; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0013FC21; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0013FEE1; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0013FF60; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0013FD13; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0013FC76; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0013FDB0; RET .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3284] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0013FDFB; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, FD] .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!LdrLoadDll + 1 7C91632E 3 Bytes [7C, 54, FD] {JL 0x56; STD } .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!LdrLoadDll + 5 7C916332 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00FD56E5; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00FD56A4; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00FD5762; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00FD574B; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00FE0B69; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00FD25E6; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00FE4A06; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00FE4A56; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00FE4967; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00FDA84E; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4137AD2C .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, FD] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, FD] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 00FDA5D6; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00FE4A2E; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 00FDA93A; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 00FDA54A; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00FE4839; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00FE4807; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 00FDA780; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00FE4A81; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00FE0BA9; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 00FDA7C9; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 00FDA590; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00FE4917; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, FE] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 00FDA89B; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00FE0C3C; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 00FDA662; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 00FDA6F4; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 00FD275C; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 00FDA61C; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 00FDA6AB; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 00FDA73A; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00FE4880; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00FD07A7; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00FD2883; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00FD2C72; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00FD2CAA; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00FD2813; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00FD2CCB; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 00FCFEB3; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 00FCFFE6; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 00FCFE46; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 00FCFFBA; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 00FCFB8E; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 00FCFBCC; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 00FCFB50; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 00FCFC21; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 00FCFEE1; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 00FCFF60; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 00FCFD13; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 00FCFC76; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 00FCFDB0; RET .text C:\WINDOWS\system32\wuauclt.exe[3616] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 00FCFDFB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, A1, 52, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ntdll.dll!LdrLoadDll 7C91632D 6 Bytes JMP 01670C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018A7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018A7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 001456E5; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 001456A4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01673FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00150B69; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetDC 7E3686C7 4 Bytes [68, EB, 0A, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 001425E6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 2A, 0B, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00154A06; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00154A56; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00154967; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 0014A84E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes CALL 4136C42C .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!OpenInputDesktop 7E36ECA3 4 Bytes [68, DC, A4, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!OpenInputDesktop + 5 7E36ECA8 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!SwitchDesktop 7E36FE6E 4 Bytes [68, 2C, A5, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!SwitchDesktop + 5 7E36FE73 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefDlgProcW 7E373D3A 6 Bytes PUSH 0014A5D6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetMessageA 7E37772B 6 Bytes PUSH 00154A2E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!RegisterClassExA 7E377C39 6 Bytes PUSH 0014A93A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefWindowProcW 7E378D20 6 Bytes PUSH 0014A54A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!BeginPaint 7E378FE9 4 Bytes [68, E0, 09, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!BeginPaint + 5 7E378FEE 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!EndPaint 7E378FFD 4 Bytes [68, 50, 0A, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!EndPaint + 5 7E379002 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetCursorPos 7E37974E 6 Bytes PUSH 00154839; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetMessagePos 7E37996C 6 Bytes PUSH 00154807; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!CallWindowProcW 7E37A01E 6 Bytes PUSH 0014A780; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!PeekMessageA 7E37A340 6 Bytes PUSH 00154A81; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetUpdateRect 7E37A8C9 6 Bytes PUSH 00150BA9; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!CallWindowProcA 7E37A97D 6 Bytes PUSH 0014A7C9; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefWindowProcA 7E37C17E 6 Bytes PUSH 0014A590; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!SetCapture 7E37C35E 4 Bytes [68, BD, 48, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!SetCapture + 5 7E37C363 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!ReleaseCapture 7E37C37A 6 Bytes PUSH 00154917; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetDCEx 7E37C595 4 Bytes [68, 90, 0A, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetDCEx + 5 7E37C59A 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes PUSH 0014A89B; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetUpdateRgn 7E37F5EC 6 Bytes PUSH 00150C3C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefFrameProcW 7E380833 6 Bytes PUSH 0014A662; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefMDIChildProcW 7E380A47 6 Bytes PUSH 0014A6F4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!GetClipboardData 7E380DBA 6 Bytes PUSH 0014275C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefDlgProcA 7E38E577 6 Bytes PUSH 0014A61C; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefFrameProcA 7E39F965 6 Bytes PUSH 0014A6AB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!DefMDIChildProcA 7E39F9B4 6 Bytes PUSH 0014A73A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] USER32.dll!SetCursorPos 7E3A61B3 6 Bytes PUSH 00154880; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018A7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00145762; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014574B; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00142883; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00142C72; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00142CAA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00142813; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00142CCB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 001407A7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!InternetReadFile 3FD0655B 6 Bytes PUSH 0013FEB3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpQueryInfoA 3FD0879D 6 Bytes PUSH 0013FFE6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!InternetCloseHandle 3FD09098 6 Bytes PUSH 0013FE46; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!InternetQueryDataAvailable 3FD0BF93 6 Bytes PUSH 0013FFBA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpOpenRequestA 3FD0D518 6 Bytes PUSH 0013FB8E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpSendRequestW 3FD0FACE 6 Bytes PUSH 0013FBCC; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpOpenRequestW 3FD0FC0B 6 Bytes PUSH 0013FB50; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpSendRequestA 3FD1EEA1 6 Bytes PUSH 0013FC21; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!InternetReadFileExA 3FD23271 6 Bytes PUSH 0013FEE1; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!InternetSetFilePointer 3FD65A11 6 Bytes PUSH 0013FF60; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpSendRequestExA 3FD7A6DA 6 Bytes PUSH 0013FD13; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpSendRequestExW 3FD7A733 6 Bytes PUSH 0013FC76; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpEndRequestA 3FD7A7E2 6 Bytes PUSH 0013FDB0; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[4068] WININET.dll!HttpEndRequestW 3FD7A814 6 Bytes PUSH 0013FDFB; RET ---- EOF - GMER 1.0.15 ----