GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-31 20:34:53 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB4Z Running: yhnqs8r5.exe; Driver: C:\Users\Justyna\AppData\Local\Temp\pxldipow.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8B21979E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8B219738] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8B21974C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8B219762] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8B2197C8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8B219710] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8B219724] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8B2197B2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8B2197F0] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8B2197DC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8B21978A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8B219776] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B2196FC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83091A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CB4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8324FF2D 5 Bytes JMP 8B2197CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 83267AF8 5 Bytes JMP 8B219714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 8328E78D 5 Bytes JMP 8B21977A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 832985A1 7 Bytes JMP 8B2197B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 832A5390 5 Bytes JMP 8B2197A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 832B0BFB 5 Bytes JMP 8B219700 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 832B3FC3 5 Bytes JMP 8B219728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateUserProcess 832C429D 5 Bytes JMP 8B219766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 832E7B5C 5 Bytes JMP 8B2197E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 832F1AF8 5 Bytes JMP 8B2197F4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 833320C3 5 Bytes JMP 8B21973C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 8333210E 7 Bytes JMP 8B219750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 83333745 5 Bytes JMP 8B21978E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- User code sections - GMER 1.0.15 ---- .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1736] kernel32.dll!LoadLibraryA 763EDC65 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1736] kernel32.dll!LoadLibraryW 763EEF42 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ntdll.dll!NtCreateUserProcess 77735778 4 Bytes [68, A6, B2, 04] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ntdll.dll!NtCreateUserProcess + 5 7773577D 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0004B3CB; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0004B634; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] kernel32.dll!CreateThread 763EDCC2 5 Bytes JMP 6CAD75E3 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0004B5F3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0004B6B1; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0004B69A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 000567C5; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!OpenInputDesktop 76795C39 4 Bytes [68, 75, 67, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!OpenInputDesktop + 5 76795C3E 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 00056BD3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!EnableWindow 76798D02 5 Bytes JMP 6CB19EBC C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0003E5F8; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0003E4CA; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 00052FB4; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!CallNextHookEx 7679ABE1 5 Bytes JMP 6CB37FDF C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!UnhookWindowsHookEx 7679ADF9 5 Bytes JMP 6CB5ED00 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefWindowProcA 7679BB1C 6 Bytes JMP 6CAD980D C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 00056B34; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!CreateWindowExA 7679BF40 5 Bytes JMP 6CAE3643 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!SetWindowsHookExW 7679E30C 5 Bytes JMP 6CB125B4 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!CreateWindowExW 7679EC7C 5 Bytes JMP 6CB403CF C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 00056AE7; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 00056B81; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0003E6BF; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0003E712; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 00056A19; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetDCEx 767A2D57 4 Bytes [68, 9B, 2E, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetDCEx + 5 767A2D5C 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetWindowDC 767A4AB7 4 Bytes [68, 35, 2F, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetWindowDC + 5 767A4ABC 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefWindowProcW 767A507D 6 Bytes JMP 6CB38042 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 00052F74; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetDC 767A544C 4 Bytes [68, F6, 2E, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetDC + 5 767A5451 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!BeginPaint 767A5D14 4 Bytes [68, EB, 2D, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!BeginPaint + 5 767A5D19 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!EndPaint 767A5D42 4 Bytes [68, 5B, 2E, 05] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!EndPaint + 5 767A5D47 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0003E6E7; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0003B87A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0003E697; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0003BA29; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DialogBoxParamW 767B3B9B 5 Bytes JMP 6CA71893 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 000568B5; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0005698D; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 000568FB; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 00053047; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 00056944; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 000569D3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 00056A62; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DialogBoxIndirectParamW 767C3B7F 5 Bytes JMP 6CC6902E C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0005686F; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0003E498; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!SetCapture 767C6932 4 Bytes [68, 4E, E5, 03] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!SetCapture + 5 767C6937 1 Byte [C3] .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0003E5A8; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0003E511; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DialogBoxParamA 767DCF42 5 Bytes JMP 6CC68FC9 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!DialogBoxIndirectParamA 767DD274 5 Bytes JMP 6CC69093 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!MessageBoxIndirectA 767EE869 5 Bytes JMP 6CC68F50 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!MessageBoxIndirectW 767EE963 5 Bytes JMP 6CC68ED7 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!MessageBoxExA 767EE9C9 5 Bytes JMP 6CC68E73 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] USER32.dll!MessageBoxExW 767EE9ED 5 Bytes JMP 6CC68E0F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] ole32.dll!OleLoadFromStream 76536143 5 Bytes JMP 6CC697FC C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes JMP 6BC152A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0004F21A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes JMP 6BC153C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes JMP 6BC14D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetConnectA 75C1567E 5 Bytes JMP 6BC156C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes JMP 6BC15500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0004ED78; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0004EE00; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0004F115; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0004EEAA; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0004EFE4; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0004F194; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0004EE55; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0004EF47; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0004F02F; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0003AB25; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0003A736; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0003AB7E; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0003AB5D; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0003A6C6; RET .text C:\Program Files\Internet Explorer\iexplore.exe[2128] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0003A407; RET .text C:\windows\system32\taskhost.exe[2256] ntdll.dll!NtCreateUserProcess 77735778 4 Bytes [68, A6, B2, 96] .text C:\windows\system32\taskhost.exe[2256] ntdll.dll!NtCreateUserProcess + 5 7773577D 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0096B3CB; RET .text C:\windows\system32\taskhost.exe[2256] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0096B634; RET .text C:\windows\system32\taskhost.exe[2256] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0096B5F3; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 009767C5; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!OpenInputDesktop 76795C39 4 Bytes [68, 75, 67, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!OpenInputDesktop + 5 76795C3E 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 00976BD3; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0095E5F8; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0095E4CA; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 00972FB4; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [97, 00, C3] {XCHG EDI, EAX; ADD BL, AL} .text C:\windows\system32\taskhost.exe[2256] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 00976B34; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 00976AE7; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 00976B81; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0095E6BF; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0095E712; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 00976A19; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetDCEx 767A2D57 4 Bytes [68, 9B, 2E, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetDCEx + 5 767A2D5C 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetWindowDC 767A4AB7 4 Bytes [68, 35, 2F, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetWindowDC + 5 767A4ABC 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 009767E3; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 00972F74; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetDC 767A544C 4 Bytes [68, F6, 2E, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetDC + 5 767A5451 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!BeginPaint 767A5D14 4 Bytes [68, EB, 2D, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!BeginPaint + 5 767A5D19 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!EndPaint 767A5D42 4 Bytes [68, 5B, 2E, 97] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!EndPaint + 5 767A5D47 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0095E6E7; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0095B87A; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0095E697; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0095BA29; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 009768B5; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0097698D; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 009768FB; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 00973047; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 00976944; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 009769D3; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 00976A62; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0097686F; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0095E498; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!SetCapture 767C6932 4 Bytes [68, 4E, E5, 95] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!SetCapture + 5 767C6937 1 Byte [C3] .text C:\windows\system32\taskhost.exe[2256] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0095E5A8; RET .text C:\windows\system32\taskhost.exe[2256] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0095E511; RET .text C:\windows\system32\taskhost.exe[2256] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0096B6B1; RET .text C:\windows\system32\taskhost.exe[2256] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0096B69A; RET .text C:\windows\system32\taskhost.exe[2256] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0095AB25; RET .text C:\windows\system32\taskhost.exe[2256] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0095A736; RET .text C:\windows\system32\taskhost.exe[2256] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0095AB7E; RET .text C:\windows\system32\taskhost.exe[2256] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0095AB5D; RET .text C:\windows\system32\taskhost.exe[2256] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0095A6C6; RET .text C:\windows\system32\taskhost.exe[2256] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0095A407; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0096F07A; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0096F21A; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0096F0E7; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0096F1EE; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0096EDBC; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0096ED78; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0096EE00; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0096F115; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0096EEAA; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0096EFE4; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0096F194; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0096EE55; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0096EF47; RET .text C:\windows\system32\taskhost.exe[2256] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0096F02F; RET .text C:\windows\system32\Dwm.exe[2356] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 030FB2A6; RET .text C:\windows\system32\Dwm.exe[2356] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 030FB3CB; RET .text C:\windows\system32\Dwm.exe[2356] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 030FB634; RET .text C:\windows\system32\Dwm.exe[2356] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 030FB5F3; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 031067C5; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 03106775; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 03106BD3; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 030EE5F8; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 030EE4CA; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 03102FB4; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [10, 03, C3] {ADC [EBX], AL; RET } .text C:\windows\system32\Dwm.exe[2356] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 03106B34; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 03106AE7; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 03106B81; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 030EE6BF; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 030EE712; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 03106A19; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 03102E9B; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 03102F35; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 031067E3; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 03102F74; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetDC 767A544C 6 Bytes PUSH 03102EF6; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 03102DEB; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 03102E5B; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 030EE6E7; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 030EB87A; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 030EE697; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 030EBA29; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 031068B5; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0310698D; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 031068FB; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 03103047; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 03106944; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 031069D3; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 03106A62; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0310686F; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 030EE498; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 030EE54E; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 030EE5A8; RET .text C:\windows\system32\Dwm.exe[2356] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 030EE511; RET .text C:\windows\system32\Dwm.exe[2356] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 030FB6B1; RET .text C:\windows\system32\Dwm.exe[2356] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 030FB69A; RET .text C:\windows\system32\Dwm.exe[2356] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 030EA407; RET .text C:\windows\system32\Dwm.exe[2356] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 030EAB25; RET .text C:\windows\system32\Dwm.exe[2356] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 030EA736; RET .text C:\windows\system32\Dwm.exe[2356] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 030EAB7E; RET .text C:\windows\system32\Dwm.exe[2356] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 030EAB5D; RET .text C:\windows\system32\Dwm.exe[2356] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 030EA6C6; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 030FF07A; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 030FF21A; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 030FF0E7; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 030FF1EE; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 030FEDBC; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 030FED78; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 030FEE00; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 030FF115; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 030FEEAA; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 030FEFE4; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 030FF194; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 030FEE55; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 030FEF47; RET .text C:\windows\system32\Dwm.exe[2356] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 030FF02F; RET .text C:\windows\Explorer.EXE[2432] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 0430B2A6; RET .text C:\windows\Explorer.EXE[2432] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0430B3CB; RET .text C:\windows\Explorer.EXE[2432] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0430B634; RET .text C:\windows\Explorer.EXE[2432] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0430B5F3; RET .text C:\windows\Explorer.EXE[2432] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0430B6B1; RET .text C:\windows\Explorer.EXE[2432] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0430B69A; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 043167C5; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 04316775; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 04316BD3; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 042FE5F8; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 042FE4CA; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 04312FB4; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\windows\Explorer.EXE[2432] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [31, 04, C3] {XOR [EBX+EAX*8], EAX} .text C:\windows\Explorer.EXE[2432] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 04316B34; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 04316AE7; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 04316B81; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 042FE6BF; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 042FE712; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 04316A19; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 04312E9B; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 04312F35; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 043167E3; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 04312F74; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetDC 767A544C 6 Bytes PUSH 04312EF6; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 04312DEB; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 04312E5B; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 042FE6E7; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 042FB87A; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 042FE697; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 042FBA29; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 043168B5; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0431698D; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 043168FB; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 04313047; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 04316944; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 043169D3; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 04316A62; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0431686F; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 042FE498; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 042FE54E; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 042FE5A8; RET .text C:\windows\Explorer.EXE[2432] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 042FE511; RET .text C:\windows\Explorer.EXE[2432] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 042FA407; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0430F07A; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0430F21A; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0430F0E7; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0430F1EE; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0430EDBC; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0430ED78; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0430EE00; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0430F115; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0430EEAA; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0430EFE4; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0430F194; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0430EE55; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0430EF47; RET .text C:\windows\Explorer.EXE[2432] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0430F02F; RET .text C:\windows\Explorer.EXE[2432] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 042FAB25; RET .text C:\windows\Explorer.EXE[2432] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 042FA736; RET .text C:\windows\Explorer.EXE[2432] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 042FAB7E; RET .text C:\windows\Explorer.EXE[2432] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 042FAB5D; RET .text C:\windows\Explorer.EXE[2432] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 042FA6C6; RET .text C:\windows\system32\ctfmon.exe[2616] ntdll.dll!NtCreateUserProcess 77735778 4 Bytes [68, A6, B2, 04] .text C:\windows\system32\ctfmon.exe[2616] ntdll.dll!NtCreateUserProcess + 5 7773577D 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0004B3CB; RET .text C:\windows\system32\ctfmon.exe[2616] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0004B634; RET .text C:\windows\system32\ctfmon.exe[2616] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0004B5F3; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 000567C5; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!OpenInputDesktop 76795C39 4 Bytes [68, 75, 67, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!OpenInputDesktop + 5 76795C3E 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 00056BD3; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0003E5F8; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0003E4CA; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 00052FB4; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [05, 00, C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 00056B34; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 00056AE7; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 00056B81; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0003E6BF; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0003E712; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 00056A19; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetDCEx 767A2D57 4 Bytes [68, 9B, 2E, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetDCEx + 5 767A2D5C 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetWindowDC 767A4AB7 4 Bytes [68, 35, 2F, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetWindowDC + 5 767A4ABC 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 000567E3; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 00052F74; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetDC 767A544C 4 Bytes [68, F6, 2E, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetDC + 5 767A5451 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!BeginPaint 767A5D14 4 Bytes [68, EB, 2D, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!BeginPaint + 5 767A5D19 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!EndPaint 767A5D42 4 Bytes [68, 5B, 2E, 05] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!EndPaint + 5 767A5D47 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0003E6E7; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0003B87A; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0003E697; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0003BA29; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 000568B5; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0005698D; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 000568FB; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 00053047; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 00056944; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 000569D3; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 00056A62; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0005686F; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0003E498; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!SetCapture 767C6932 4 Bytes [68, 4E, E5, 03] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!SetCapture + 5 767C6937 1 Byte [C3] .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0003E5A8; RET .text C:\windows\system32\ctfmon.exe[2616] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0003E511; RET .text C:\windows\system32\ctfmon.exe[2616] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0004B6B1; RET .text C:\windows\system32\ctfmon.exe[2616] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0004B69A; RET .text C:\windows\system32\ctfmon.exe[2616] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0003AB25; RET .text C:\windows\system32\ctfmon.exe[2616] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0003A736; RET .text C:\windows\system32\ctfmon.exe[2616] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0003AB7E; RET .text C:\windows\system32\ctfmon.exe[2616] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0003AB5D; RET .text C:\windows\system32\ctfmon.exe[2616] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0003A6C6; RET .text C:\windows\system32\ctfmon.exe[2616] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0003A407; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0004F07A; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0004F21A; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0004F0E7; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0004F1EE; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0004EDBC; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0004ED78; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0004EE00; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0004F115; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0004EEAA; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0004EFE4; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0004F194; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0004EE55; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0004EF47; RET .text C:\windows\system32\ctfmon.exe[2616] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0004F02F; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 014AB2A6; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 014AB3CB; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 014AB634; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 014AB5F3; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 014B67C5; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 014B6775; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 014B6BD3; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0149E5F8; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0149E4CA; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 014B2FB4; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [4B, 01, C3] {DEC EBX; ADD EBX, EAX} .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 014B6B34; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 014B6AE7; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 014B6B81; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0149E6BF; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0149E712; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 014B6A19; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 014B2E9B; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 014B2F35; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 014B67E3; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 014B2F74; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetDC 767A544C 6 Bytes PUSH 014B2EF6; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 014B2DEB; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 014B2E5B; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0149E6E7; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0149B87A; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0149E697; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0149BA29; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 014B68B5; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 014B698D; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 014B68FB; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 014B3047; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 014B6944; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 014B69D3; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 014B6A62; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 014B686F; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0149E498; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 0149E54E; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0149E5A8; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0149E511; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 014AB6B1; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 014AB69A; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0149AB25; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0149A736; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0149AB7E; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0149AB5D; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0149A6C6; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0149A407; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 014AF07A; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 014AF21A; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 014AF0E7; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 014AF1EE; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 014AEDBC; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 014AED78; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 014AEE00; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 014AF115; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 014AEEAA; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 014AEFE4; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 014AF194; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 014AEE55; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 014AEF47; RET .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2956] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 014AF02F; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 0261B2A6; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0261B3CB; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0261B634; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0261B5F3; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 026267C5; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 02626775; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 02626BD3; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0260E5F8; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0260E4CA; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 02622FB4; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [62, 02, C3] {BOUND EAX, [EDX]; RET } .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 02626B34; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 02626AE7; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 02626B81; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0260E6BF; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0260E712; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 02626A19; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 02622E9B; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 02622F35; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 026267E3; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 02622F74; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetDC 767A544C 6 Bytes PUSH 02622EF6; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 02622DEB; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 02622E5B; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0260E6E7; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0260B87A; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0260E697; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0260BA29; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 026268B5; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0262698D; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 026268FB; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 02623047; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 02626944; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 026269D3; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 02626A62; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0262686F; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0260E498; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 0260E54E; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0260E5A8; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0260E511; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0261B6B1; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0261B69A; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0260AB25; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0260A736; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0260AB7E; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0260AB5D; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0260A6C6; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0260A407; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0261F07A; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0261F21A; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0261F0E7; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0261F1EE; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0261EDBC; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0261ED78; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0261EE00; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0261F115; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0261EEAA; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0261EFE4; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0261F194; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0261EE55; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0261EF47; RET .text C:\Program Files\Apoint2K\Apoint.exe[2968] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0261F02F; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 0156B2A6; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0156B3CB; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0156B634; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0156B5F3; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 015767C5; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01576775; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01576BD3; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0155E5F8; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0155E4CA; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01572FB4; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [57, 01, C3] {PUSH EDI; ADD EBX, EAX} .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01576B34; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01576AE7; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01576B81; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0155E6BF; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0155E712; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01576A19; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01572E9B; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01572F35; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 015767E3; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01572F74; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01572EF6; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01572DEB; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01572E5B; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0155E6E7; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0155B87A; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0155E697; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0155BA29; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 015768B5; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0157698D; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 015768FB; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01573047; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01576944; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 015769D3; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01576A62; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0157686F; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0155E498; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 0155E54E; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0155E5A8; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0155E511; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0156B6B1; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0156B69A; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0155AB25; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0155A736; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0155AB7E; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0155AB5D; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0155A6C6; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0155A407; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0156F07A; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0156F21A; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0156F0E7; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0156F1EE; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0156EDBC; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0156ED78; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0156EE00; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0156F115; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0156EEAA; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0156EFE4; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0156F194; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0156EE55; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0156EF47; RET .text C:\Program Files\Lenovo\VeriFace\PManage.exe[2996] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0156F02F; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 01F9B2A6; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 01F9B3CB; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 01F9B634; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 01F9B5F3; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 01FA67C5; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01FA6775; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01FA6BD3; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 01F8E5F8; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 01F8E4CA; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01FA2FB4; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [FA, 01, C3] {CLI ; ADD EBX, EAX} .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01FA6B34; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01FA6AE7; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01FA6B81; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 01F8E6BF; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 01F8E712; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01FA6A19; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01FA2E9B; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01FA2F35; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 01FA67E3; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01FA2F74; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01FA2EF6; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01FA2DEB; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01FA2E5B; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 01F8E6E7; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 01F8B87A; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 01F8E697; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 01F8BA29; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 01FA68B5; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 01FA698D; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 01FA68FB; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01FA3047; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01FA6944; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 01FA69D3; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01FA6A62; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 01FA686F; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 01F8E498; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 01F8E54E; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 01F8E5A8; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 01F8E511; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 01F9B6B1; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 01F9B69A; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 01F8AB25; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 01F8A736; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 01F8AB7E; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 01F8AB5D; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 01F8A6C6; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 01F8A407; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 01F9F07A; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 01F9F21A; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 01F9F0E7; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 01F9F1EE; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 01F9EDBC; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 01F9ED78; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 01F9EE00; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 01F9F115; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 01F9EEAA; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 01F9EFE4; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 01F9F194; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 01F9EE55; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 01F9EF47; RET .text C:\Program Files\Lenovo\Energy Management\utility.exe[3052] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 01F9F02F; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 01D0B2A6; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 01D0B3CB; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 01D0B634; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 01D0B5F3; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 01D0B6B1; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 01D0B69A; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 01D167C5; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01D16775; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01D16BD3; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 01CFE5F8; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 01CFE4CA; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01D12FB4; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [D1, 01, C3] {ROL DWORD [ECX], 0x1; RET } .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01D16B34; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01D16AE7; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01D16B81; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 01CFE6BF; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 01CFE712; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01D16A19; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01D12E9B; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01D12F35; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 01D167E3; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01D12F74; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01D12EF6; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01D12DEB; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01D12E5B; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 01CFE6E7; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 01CFB87A; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 01CFE697; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 01CFBA29; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 01D168B5; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 01D1698D; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 01D168FB; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01D13047; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01D16944; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 01D169D3; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01D16A62; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 01D1686F; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 01CFE498; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 01CFE54E; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 01CFE5A8; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 01CFE511; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 01CFAB25; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 01CFA736; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 01CFAB7E; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 01CFAB5D; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 01CFA6C6; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 01CFA407; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 01D0F07A; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 01D0F21A; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 01D0F0E7; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 01D0F1EE; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 01D0EDBC; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 01D0ED78; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 01D0EE00; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 01D0F115; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 01D0EEAA; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 01D0EFE4; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 01D0F194; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 01D0EE55; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 01D0EF47; RET .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3176] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 01D0F02F; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 0116B2A6; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0116B3CB; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0116B634; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0116B5F3; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 011767C5; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01176775; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01176BD3; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0115E5F8; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0115E4CA; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01172FB4; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [17, 01, C3] {POP SS; ADD EBX, EAX} .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01176B34; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01176AE7; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01176B81; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0115E6BF; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0115E712; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01176A19; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01172E9B; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01172F35; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 011767E3; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01172F74; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01172EF6; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01172DEB; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01172E5B; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0115E6E7; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0115B87A; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0115E697; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0115BA29; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 011768B5; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0117698D; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 011768FB; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01173047; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01176944; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 011769D3; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01176A62; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0117686F; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0115E498; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 0115E54E; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!ReleaseCapture 767C69F2 3 Bytes [68, A8, E5] .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!ReleaseCapture + 4 767C69F6 2 Bytes [01, C3] {ADD EBX, EAX} .text C:\Program Files\Apoint2K\Apntex.exe[3200] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0115E511; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0116B6B1; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0116B69A; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0115AB25; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0115A736; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0115AB7E; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0115AB5D; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0115A6C6; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0115A407; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0116F07A; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0116F21A; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0116F0E7; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0116F1EE; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0116EDBC; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0116ED78; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0116EE00; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0116F115; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0116EEAA; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0116EFE4; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0116F194; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0116EE55; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0116EF47; RET .text C:\Program Files\Apoint2K\Apntex.exe[3200] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0116F02F; RET .text C:\windows\system32\conhost.exe[3216] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 0191B2A6; RET .text C:\windows\system32\conhost.exe[3216] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 0191B3CB; RET .text C:\windows\system32\conhost.exe[3216] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 0191B634; RET .text C:\windows\system32\conhost.exe[3216] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 0191B5F3; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 019267C5; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01926775; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01926BD3; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0190E5F8; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0190E4CA; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01922FB4; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [92, 01, C3] {XCHG EDX, EAX; ADD EBX, EAX} .text C:\windows\system32\conhost.exe[3216] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01926B34; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01926AE7; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01926B81; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0190E6BF; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0190E712; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01926A19; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01922E9B; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01922F35; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 019267E3; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01922F74; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01922EF6; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01922DEB; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01922E5B; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0190E6E7; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0190B87A; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0190E697; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0190BA29; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 019268B5; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0192698D; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 019268FB; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01923047; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01926944; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 019269D3; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01926A62; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0192686F; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0190E498; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 0190E54E; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0190E5A8; RET .text C:\windows\system32\conhost.exe[3216] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0190E511; RET .text C:\windows\system32\conhost.exe[3216] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 0191B6B1; RET .text C:\windows\system32\conhost.exe[3216] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 0191B69A; RET .text C:\windows\system32\conhost.exe[3216] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0190AB25; RET .text C:\windows\system32\conhost.exe[3216] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0190A736; RET .text C:\windows\system32\conhost.exe[3216] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0190AB7E; RET .text C:\windows\system32\conhost.exe[3216] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0190AB5D; RET .text C:\windows\system32\conhost.exe[3216] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0190A6C6; RET .text C:\windows\system32\conhost.exe[3216] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0190A407; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 0191F07A; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 0191F21A; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 0191F0E7; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 0191F1EE; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 0191EDBC; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 0191ED78; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 0191EE00; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 0191F115; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 0191EEAA; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 0191EFE4; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 0191F194; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 0191EE55; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 0191EF47; RET .text C:\windows\system32\conhost.exe[3216] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 0191F02F; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 01E2B2A6; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 01E2B3CB; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 01E2B634; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 01E2B5F3; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 01E367C5; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01E36775; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01E36BD3; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 01E1E5F8; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 01E1E4CA; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01E32FB4; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [E3, 01, C3] {JECXZ 0x3; RET } .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01E36B34; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01E36AE7; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01E36B81; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 01E1E6BF; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 01E1E712; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01E36A19; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01E32E9B; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01E32F35; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 01E367E3; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01E32F74; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01E32EF6; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01E32DEB; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01E32E5B; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 01E1E6E7; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 01E1B87A; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 01E1E697; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 01E1BA29; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 01E368B5; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 01E3698D; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 01E368FB; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01E33047; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01E36944; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 01E369D3; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01E36A62; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 01E3686F; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 01E1E498; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 01E1E54E; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 01E1E5A8; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 01E1E511; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 01E2B6B1; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 01E2B69A; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 01E2F07A; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 01E2F21A; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 01E2F0E7; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 01E2F1EE; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 01E2EDBC; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 01E2ED78; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 01E2EE00; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 01E2F115; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 01E2EEAA; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 01E2EFE4; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 01E2F194; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 01E2EE55; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 01E2EF47; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 01E2F02F; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 01E1A407; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 01E1AB25; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 01E1A736; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 01E1AB7E; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 01E1AB5D; RET .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3236] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 01E1A6C6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] ntdll.dll!NtCreateUserProcess 77735778 4 Bytes [68, A6, B2, 3A] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] ntdll.dll!NtCreateUserProcess + 5 7773577D 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 003AB3CB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 003AB634; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 003AB5F3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 003AB6B1; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 003AB69A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 003B67C5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!OpenInputDesktop 76795C39 4 Bytes [68, 75, 67, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!OpenInputDesktop + 5 76795C3E 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 003B6BD3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 0039E5F8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 0039E4CA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 003B2FB4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [3B, 00, C3] {CMP EAX, [EAX]; RET } .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 003B6B34; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 003B6AE7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 003B6B81; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 0039E6BF; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 0039E712; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 003B6A19; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetDCEx 767A2D57 4 Bytes [68, 9B, 2E, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetDCEx + 5 767A2D5C 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetWindowDC 767A4AB7 4 Bytes [68, 35, 2F, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetWindowDC + 5 767A4ABC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 003B67E3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 003B2F74; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetDC 767A544C 4 Bytes [68, F6, 2E, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetDC + 5 767A5451 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!BeginPaint 767A5D14 4 Bytes [68, EB, 2D, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!BeginPaint + 5 767A5D19 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!EndPaint 767A5D42 4 Bytes [68, 5B, 2E, 3B] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!EndPaint + 5 767A5D47 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 0039E6E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 0039B87A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 0039E697; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 0039BA29; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 003B68B5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 003B698D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 003B68FB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 003B3047; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 003B6944; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 003B69D3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 003B6A62; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 003B686F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 0039E498; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!SetCapture 767C6932 4 Bytes [68, 4E, E5, 39] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!SetCapture + 5 767C6937 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 0039E5A8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 0039E511; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 003AF07A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 003AF21A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 003AF0E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 003AF1EE; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 003AEDBC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 003AED78; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 003AEE00; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 003AF115; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 003AEEAA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 003AEFE4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 003AF194; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 003AEE55; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 003AEF47; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 003AF02F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 0039AB25; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 0039A736; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 0039AB7E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 0039AB5D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 0039A6C6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3248] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 0039A407; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 01E6B2A6; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 01E6B3CB; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 01E6B634; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 01E6B5F3; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 01E6B6B1; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 01E6B69A; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 01E767C5; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01E76775; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01E76BD3; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 01E5E5F8; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 01E5E4CA; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01E72FB4; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [E7, 01, C3] {OUT 0x1, EAX; RET } .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01E76B34; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01E76AE7; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01E76B81; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 01E5E6BF; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 01E5E712; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01E76A19; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01E72E9B; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01E72F35; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 01E767E3; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01E72F74; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01E72EF6; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01E72DEB; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01E72E5B; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 01E5E6E7; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 01E5B87A; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 01E5E697; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 01E5BA29; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 01E768B5; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 01E7698D; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 01E768FB; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01E73047; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01E76944; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 01E769D3; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01E76A62; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 01E7686F; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 01E5E498; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 01E5E54E; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 01E5E5A8; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 01E5E511; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 01E5AB25; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 01E5A736; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 01E5AB7E; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 01E5AB5D; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 01E5A6C6; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 01E5A407; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 01E6F07A; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 01E6F21A; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 01E6F0E7; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 01E6F1EE; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 01E6EDBC; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 01E6ED78; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 01E6EE00; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 01E6F115; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 01E6EEAA; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 01E6EFE4; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 01E6F194; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 01E6EE55; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 01E6EF47; RET .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3316] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 01E6F02F; RET .text C:\ProgramData\lsass.exe[3380] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 015FB2A6; RET .text C:\ProgramData\lsass.exe[3380] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 015FB3CB; RET .text C:\ProgramData\lsass.exe[3380] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 015FB634; RET .text C:\ProgramData\lsass.exe[3380] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 015FB5F3; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 016067C5; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01606775; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01606BD3; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 015EE5F8; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 015EE4CA; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01602FB4; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [60, 01, C3] {PUSHA ; ADD EBX, EAX} .text C:\ProgramData\lsass.exe[3380] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01606B34; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01606AE7; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01606B81; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 015EE6BF; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 015EE712; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01606A19; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01602E9B; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01602F35; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 016067E3; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01602F74; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01602EF6; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01602DEB; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01602E5B; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 015EE6E7; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 015EB87A; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 015EE697; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 015EBA29; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 016068B5; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 0160698D; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 016068FB; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01603047; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01606944; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 016069D3; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01606A62; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 0160686F; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 015EE498; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 015EE54E; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 015EE5A8; RET .text C:\ProgramData\lsass.exe[3380] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 015EE511; RET .text C:\ProgramData\lsass.exe[3380] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 015FB6B1; RET .text C:\ProgramData\lsass.exe[3380] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 015FB69A; RET .text C:\ProgramData\lsass.exe[3380] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 015EAB25; RET .text C:\ProgramData\lsass.exe[3380] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 015EA736; RET .text C:\ProgramData\lsass.exe[3380] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 015EAB7E; RET .text C:\ProgramData\lsass.exe[3380] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 015EAB5D; RET .text C:\ProgramData\lsass.exe[3380] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 015EA6C6; RET .text C:\ProgramData\lsass.exe[3380] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 015EA407; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 015FF07A; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 015FF21A; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 015FF0E7; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 015FF1EE; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 015FEDBC; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 015FED78; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 015FEE00; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 015FF115; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 015FEEAA; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 015FEFE4; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 015FF194; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 015FEE55; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 015FEF47; RET .text C:\ProgramData\lsass.exe[3380] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 015FF02F; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] ntdll.dll!NtCreateUserProcess 77735778 6 Bytes PUSH 01A9B2A6; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] ntdll.dll!LdrLoadDll 7775223E 6 Bytes PUSH 01A9B3CB; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] kernel32.dll!GetFileAttributesExW 763E30C6 6 Bytes PUSH 01A9B634; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] kernel32.dll!ExitProcess 763FBBE2 6 Bytes PUSH 01A9B5F3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 7686C592 6 Bytes PUSH 01A9B6B1; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 768A2538 6 Bytes PUSH 01A9B69A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!SwitchDesktop 7679476B 6 Bytes PUSH 01AA67C5; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!OpenInputDesktop 76795C39 6 Bytes PUSH 01AA6775; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!RegisterClassExA 76796293 6 Bytes PUSH 01AA6BD3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!EnableWindow 76798D02 5 Bytes JMP 6CB19EBC C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetCapture 76799DC7 6 Bytes PUSH 01A8E5F8; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetCursorPos 7679A4B3 6 Bytes PUSH 01A8E4CA; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetUpdateRect 7679A575 6 Bytes PUSH 01AA2FB4; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefWindowProcA 7679BB1C 2 Bytes [68, 29] .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefWindowProcA + 3 7679BB1F 3 Bytes [AA, 01, C3] {STOSB ; ADD EBX, EAX} .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!RegisterClassA 7679BC6A 6 Bytes PUSH 01AA6B34; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!RegisterClassW 7679ED4A 6 Bytes PUSH 01AA6AE7; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!RegisterClassExW 767A0162 6 Bytes PUSH 01AA6B81; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetMessageA 767A1899 6 Bytes PUSH 01A8E6BF; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!PeekMessageA 767A19A5 6 Bytes PUSH 01A8E712; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!CallWindowProcW 767A1B3C 6 Bytes PUSH 01AA6A19; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetDCEx 767A2D57 6 Bytes PUSH 01AA2E9B; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetWindowDC 767A4AB7 6 Bytes PUSH 01AA2F35; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefWindowProcW 767A507D 6 Bytes PUSH 01AA67E3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!ReleaseDC 767A5421 6 Bytes PUSH 01AA2F74; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetDC 767A544C 6 Bytes PUSH 01AA2EF6; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!BeginPaint 767A5D14 6 Bytes PUSH 01AA2DEB; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!EndPaint 767A5D42 6 Bytes PUSH 01AA2E5B; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!PeekMessageW 767A634A 6 Bytes PUSH 01A8E6E7; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!TranslateMessage 767A64C7 6 Bytes PUSH 01A8B87A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetMessageW 767ACDE8 6 Bytes PUSH 01A8E697; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetClipboardData 767B2BA7 6 Bytes PUSH 01A8BA29; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DialogBoxParamW 767B3B9B 5 Bytes JMP 6CA71893 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefDlgProcA 767B71E4 6 Bytes PUSH 01AA68B5; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefMDIChildProcW 767C150A 6 Bytes PUSH 01AA698D; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefFrameProcW 767C152B 6 Bytes PUSH 01AA68FB; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetUpdateRgn 767C1C07 6 Bytes PUSH 01AA3047; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefFrameProcA 767C25B7 6 Bytes PUSH 01AA6944; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefMDIChildProcA 767C25DB 6 Bytes PUSH 01AA69D3; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!CallWindowProcA 767C2BD3 6 Bytes PUSH 01AA6A62; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DialogBoxIndirectParamW 767C3B7F 5 Bytes JMP 6CC6902E C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DefDlgProcW 767C5BC1 6 Bytes PUSH 01AA686F; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!GetMessagePos 767C6703 6 Bytes PUSH 01A8E498; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!SetCapture 767C6932 6 Bytes PUSH 01A8E54E; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!ReleaseCapture 767C69F2 6 Bytes PUSH 01A8E5A8; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!SetCursorPos 767DC1B0 6 Bytes PUSH 01A8E511; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DialogBoxParamA 767DCF42 5 Bytes JMP 6CC68FC9 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!DialogBoxIndirectParamA 767DD274 5 Bytes JMP 6CC69093 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!MessageBoxIndirectA 767EE869 5 Bytes JMP 6CC68F50 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!MessageBoxIndirectW 767EE963 5 Bytes JMP 6CC68ED7 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!MessageBoxExA 767EE9C9 5 Bytes JMP 6CC68E73 C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] USER32.dll!MessageBoxExW 767EE9ED 5 Bytes JMP 6CC68E0F C:\windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!InternetCloseHandle 75BEC664 6 Bytes PUSH 01A9F07A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpQueryInfoA 75BEE13A 6 Bytes PUSH 01A9F21A; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!InternetReadFile 75BEF8D8 6 Bytes PUSH 01A9F0E7; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!InternetQueryDataAvailable 75BF3184 6 Bytes PUSH 01A9F1EE; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpOpenRequestA 75C15761 6 Bytes PUSH 01A9EDBC; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpOpenRequestW 75C15FEF 6 Bytes PUSH 01A9ED78; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpSendRequestW 75C1632D 6 Bytes PUSH 01A9EE00; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!InternetReadFileExA 75C1FA49 6 Bytes PUSH 01A9F115; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpSendRequestExW 75C2F564 6 Bytes PUSH 01A9EEAA; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpEndRequestA 75C2F639 6 Bytes PUSH 01A9EFE4; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!InternetSetFilePointer 75C44F2F 6 Bytes PUSH 01A9F194; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpSendRequestA 75C4525A 6 Bytes PUSH 01A9EE55; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpSendRequestExA 75C8ECD9 6 Bytes PUSH 01A9EF47; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WININET.dll!HttpEndRequestW 75C8EDAB 6 Bytes PUSH 01A9F02F; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WS2_32.dll!closesocket 75BA3918 6 Bytes PUSH 01A8AB25; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WS2_32.dll!getaddrinfo 75BA4296 6 Bytes PUSH 01A8A736; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WS2_32.dll!WSASend 75BA4406 6 Bytes PUSH 01A8AB7E; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WS2_32.dll!send 75BA6F01 6 Bytes PUSH 01A8AB5D; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] WS2_32.dll!gethostbyname 75BB7673 6 Bytes PUSH 01A8A6C6; RET .text C:\Program Files\Internet Explorer\iexplore.exe[3564] CRYPT32.dll!PFXImportCertStore 75AF1224 6 Bytes PUSH 01A8A407; RET ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\system32\rundll32.exe[1844] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757BFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[1844] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757BFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[1844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757BFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[1844] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757BFFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a93327 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a93327 (not active ControlSet) ---- EOF - GMER 1.0.15 ----