GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-19 18:00:55 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000006b SAMSUNG_HD250HJ rev.FH100-05 Running: 99p5yk2e.exe; Driver: C:\DOCUME~1\Dako\USTAWI~1\Temp\pxtdapog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D1E3A0, 0x5FE082, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB43EEA00] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 14] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] ntdll.dll!LdrLoadDll 7C915CD3 6 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014B634; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014B5F3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 0014B6B1; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014B69A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013A736; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0013AB25; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0013AB5D; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0013A6C6; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0013AB7E; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00152F74; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 0013B87A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 0013E697; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 0013E6E7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 0013E5F8; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00156AE7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00156B81; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 001567E3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 0013E4CA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 0013E498; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00156A19; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 0013E712; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [15, 00, C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, 13] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 0013E5A8; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00152FB4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00156A62; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 0013E6BF; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00156B34; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00156BD3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 0015686F; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, 15] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00153047; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 001568FB; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 0015698D; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 0013BA29; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 001568B5; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00156944; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 001569D3; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 0013E511; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 0013A407; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 0014F0E7; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 0014F21A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 0014F07A; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 0014F1EE; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 0014EDBC; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 0014EE00; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 0014ED78; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 0014EE55; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 0014F115; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 0014F194; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 0014EF47; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 0014EEAA; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 0014EFE4; RET .text C:\Program Files\Mozilla Firefox\firefox.exe[1276] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 0014F02F; RET .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 023FB1F0; RET .text C:\WINDOWS\Explorer.EXE[1680] ntdll.dll!LdrLoadDll + 1 7C915CD4 5 Bytes [CB, B3, 3F, 02, C3] {RETF ; MOV BL, 0x3f; ADD AL, BL} .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 023FB634; RET .text C:\WINDOWS\Explorer.EXE[1680] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 023FB5F3; RET .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 023FB6B1; RET .text C:\WINDOWS\Explorer.EXE[1680] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 023FB69A; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 02402F74; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetDC 7E3686B7 6 Bytes PUSH 02402EF6; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 023EB87A; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetWindowDC 7E369011 6 Bytes PUSH 02402F35; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 023EE697; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 023EE6E7; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 023EE5F8; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 02406AE7; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 02406B81; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 024067E3; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!BeginPaint 7E36B5F9 6 Bytes PUSH 02402DEB; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!EndPaint 7E36B60D 6 Bytes PUSH 02402E5B; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 023EE4CA; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 023EE498; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 02406A19; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 023EE712; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [40, 02, C3] {INC EAX; ADD AL, BL} .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetCapture 7E36D6B6 6 Bytes PUSH 023EE54E; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 023EE5A8; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 02402FB4; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetDCEx 7E36DF75 6 Bytes PUSH 02402E9B; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 02406A62; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 023EE6BF; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 02406B34; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 02406BD3; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 0240686F; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!OpenInputDesktop 7E3781CF 6 Bytes PUSH 02406775; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SwitchDesktop 7E37AF56 6 Bytes PUSH 024067C5; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 02403047; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 024068FB; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 0240698D; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 023EBA29; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 024068B5; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 02406944; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 024069D3; RET .text C:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 023EE511; RET .text C:\WINDOWS\Explorer.EXE[1680] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 023EA407; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 023FF0E7; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 023FF21A; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 023FF07A; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 023FF1EE; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 023FEDBC; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 023FEE00; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 023FED78; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 023FEE55; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 023FF115; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 023FF194; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 023FEF47; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 023FEEAA; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 023FEFE4; RET .text C:\WINDOWS\Explorer.EXE[1680] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 023FF02F; RET .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 023EA736; RET .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 023EAB25; RET .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!send 71A54C27 6 Bytes PUSH 023EAB5D; RET .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 023EA6C6; RET .text C:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 023EAB7E; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, F7] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, F7] {RETF ; MOV BL, 0xf7} .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00F7B634; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00F7B5F3; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00F82F74; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 00F6B87A; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 00F6E697; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 00F6E6E7; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 00F6E5F8; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00F86AE7; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00F86B81; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 00F867E3; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 00F6E4CA; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 00F6E498; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00F86A19; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 00F6E712; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [F8, 00, C3] {CLC ; ADD BL, AL} .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, F6] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 00F6E5A8; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00F82FB4; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00F86A62; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 00F6E6BF; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00F86B34; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00F86BD3; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 00F8686F; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, F8] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00F83047; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 00F868FB; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 00F8698D; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 00F6BA29; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 00F868B5; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00F86944; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 00F869D3; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 00F6E511; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00F7B6B1; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00F7B69A; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00F6A736; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00F6AB25; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00F6AB5D; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00F6A6C6; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00F6AB7E; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] CRYPT32.dll!PFXImportCertStore 0117FF8F 6 Bytes PUSH 00F6A407; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 00F7F0E7; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 00F7F21A; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 00F7F07A; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 00F7F1EE; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 00F7EDBC; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 00F7EE00; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 00F7ED78; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 00F7EE55; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 00F7F115; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 00F7F194; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 00F7EF47; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 00F7EEAA; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 00F7EFE4; RET .text C:\WINDOWS\system32\RUNDLL32.EXE[1828] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 00F7F02F; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 012FB1F0; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] ntdll.dll!LdrLoadDll + 1 7C915CD4 5 Bytes [CB, B3, 2F, 01, C3] {RETF ; MOV BL, 0x2f; ADD EBX, EAX} .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 012FB634; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 012FB5F3; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 012FB6B1; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 012FB69A; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 01302F74; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetDC 7E3686B7 6 Bytes PUSH 01302EF6; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 012EB87A; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetWindowDC 7E369011 6 Bytes PUSH 01302F35; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 012EE697; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 012EE6E7; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 012EE5F8; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 01306AE7; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 01306B81; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 013067E3; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!BeginPaint 7E36B5F9 6 Bytes PUSH 01302DEB; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!EndPaint 7E36B60D 6 Bytes PUSH 01302E5B; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 012EE4CA; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 012EE498; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 01306A19; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 012EE712; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [30, 01, C3] {XOR [ECX], AL; RET } .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!SetCapture 7E36D6B6 6 Bytes PUSH 012EE54E; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 012EE5A8; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 01302FB4; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetDCEx 7E36DF75 6 Bytes PUSH 01302E9B; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 01306A62; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 012EE6BF; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 01306B34; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 01306BD3; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 0130686F; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!OpenInputDesktop 7E3781CF 6 Bytes PUSH 01306775; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!SwitchDesktop 7E37AF56 6 Bytes PUSH 013067C5; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 01303047; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 013068FB; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 0130698D; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 012EBA29; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 013068B5; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 01306944; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 013069D3; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 012EE511; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] CRYPT32.dll!PFXImportCertStore 00B7FF8F 6 Bytes PUSH 012EA407; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 012EA736; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 012EAB25; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WS2_32.dll!send 71A54C27 6 Bytes PUSH 012EAB5D; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 012EA6C6; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 012EAB7E; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 012FF0E7; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 012FF21A; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 012FF07A; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 012FF1EE; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 012FEDBC; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 012FEE00; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 012FED78; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 012FEE55; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 012FF115; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 012FF194; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 012FEF47; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 012FEEAA; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 012FEFE4; RET .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1844] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 012FF02F; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, B8] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, B8] {RETF ; MOV BL, 0xb8} .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00B8B634; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00B8B5F3; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00B8B6B1; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00B8B69A; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00B92F74; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 00B7B87A; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 00B7E697; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 00B7E6E7; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 00B7E5F8; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00B96AE7; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00B96B81; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 00B967E3; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 00B7E4CA; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 00B7E498; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00B96A19; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 00B7E712; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [B9, 00, C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, B7] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 00B7E5A8; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00B92FB4; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00B96A62; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 00B7E6BF; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00B96B34; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00B96BD3; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 00B9686F; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, B9] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00B93047; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 00B968FB; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 00B9698D; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 00B7BA29; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 00B968B5; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00B96944; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 00B969D3; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 00B7E511; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00B7A736; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00B7AB25; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00B7AB5D; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00B7A6C6; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00B7AB7E; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00B7A407; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 00B8F0E7; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 00B8F21A; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 00B8F07A; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 00B8F1EE; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 00B8EDBC; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 00B8EE00; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 00B8ED78; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 00B8EE55; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 00B8F115; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 00B8F194; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 00B8EF47; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 00B8EEAA; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 00B8EFE4; RET .text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[1856] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 00B8F02F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, BE] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, BE] {RETF ; MOV BL, 0xbe} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00BEB634; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00BEB5F3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00BEB6B1; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00BEB69A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00BF2F74; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 00BDB87A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 00BDE697; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 00BDE6E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 00BDE5F8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00BF6AE7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00BF6B81; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 00BF67E3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 00BDE4CA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 00BDE498; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00BF6A19; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 00BDE712; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [BF, 00, C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, BD] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 00BDE5A8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00BF2FB4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00BF6A62; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 00BDE6BF; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00BF6B34; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00BF6BD3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 00BF686F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, BF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00BF3047; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 00BF68FB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 00BF698D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 00BDBA29; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 00BF68B5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00BF6944; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 00BF69D3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 00BDE511; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 00BEF0E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 00BEF21A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 00BEF07A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 00BEF1EE; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 00BEEDBC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 00BEEE00; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 00BEED78; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 00BEEE55; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 00BEF115; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 00BEF194; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 00BEEF47; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 00BEEEAA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 00BEEFE4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 00BEF02F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00BDA736; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00BDAB25; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00BDAB5D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00BDA6C6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00BDAB7E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1880] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 00BDA407; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, CA] .text C:\Program Files\NetMeter\NetMeter.exe[1892] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, CA] {RETF ; MOV BL, 0xca} .text C:\Program Files\NetMeter\NetMeter.exe[1892] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 00CAB634; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 00CAB5F3; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] advapi32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 00CAB6B1; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] advapi32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 00CAB69A; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00CB2F74; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 00C9B87A; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 00C9E697; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 00C9E6E7; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 00C9E5F8; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00CB6AE7; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00CB6B81; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 00CB67E3; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 00C9E4CA; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 00C9E498; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00CB6A19; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 00C9E712; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [CB, 00, C3] {RETF ; ADD BL, AL} .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, C9] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 00C9E5A8; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00CB2FB4; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00CB6A62; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 00C9E6BF; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00CB6B34; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00CB6BD3; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 00CB686F; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, CB] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00CB3047; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 00CB68FB; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 00CB698D; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 00C9BA29; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 00CB68B5; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00CB6944; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 00CB69D3; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 00C9E511; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00C9A736; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 00C9AB25; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WS2_32.dll!send 71A54C27 6 Bytes PUSH 00C9AB5D; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 00C9A6C6; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 00C9AB7E; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] CRYPT32.dll!PFXImportCertStore 00E3FF8F 6 Bytes PUSH 00C9A407; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 00CAF0E7; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 00CAF21A; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 00CAF07A; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 00CAF1EE; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 00CAEDBC; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 00CAEE00; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 00CAED78; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 00CAEE55; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 00CAF115; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 00CAF194; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 00CAEF47; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 00CAEEAA; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 00CAEFE4; RET .text C:\Program Files\NetMeter\NetMeter.exe[1892] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 00CAF02F; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 14] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, 14] {RETF ; MOV BL, 0x14} .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014B634; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014B5F3; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00152F74; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 0013B87A; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 0013E697; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 0013E6E7; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 0013E5F8; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00156AE7; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00156B81; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 001567E3; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 0013E4CA; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 0013E498; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00156A19; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 0013E712; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [15, 00, C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, 13] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 0013E5A8; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00152FB4; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00156A62; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 0013E6BF; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00156B34; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00156BD3; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 0015686F; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, 15] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00153047; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 001568FB; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 0015698D; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 0013BA29; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 001568B5; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00156944; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 001569D3; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 0013E511; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 0014B6B1; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014B69A; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013A736; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0013AB25; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0013AB5D; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0013A6C6; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0013AB7E; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 0013A407; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 0014F0E7; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 0014F21A; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 0014F07A; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 0014F1EE; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 0014EDBC; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 0014EE00; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 0014ED78; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 0014EE55; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 0014F115; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 0014F194; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 0014EF47; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 0014EEAA; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 0014EFE4; RET .text C:\Documents and Settings\Dako\Moje dokumenty\Pobieranie\99p5yk2e.exe[2880] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 0014F02F; RET .text C:\WINDOWS\notepad.exe[3904] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 14] .text C:\WINDOWS\notepad.exe[3904] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] ntdll.dll!LdrLoadDll + 1 7C915CD4 3 Bytes [CB, B3, 14] {RETF ; MOV BL, 0x14} .text C:\WINDOWS\notepad.exe[3904] ntdll.dll!LdrLoadDll + 5 7C915CD8 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] kernel32.dll!GetFileAttributesExW 7C811195 6 Bytes PUSH 0014B634; RET .text C:\WINDOWS\notepad.exe[3904] kernel32.dll!ExitProcess 7C81CB12 6 Bytes PUSH 0014B5F3; RET .text C:\WINDOWS\notepad.exe[3904] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 6 Bytes PUSH 0014B6B1; RET .text C:\WINDOWS\notepad.exe[3904] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 6 Bytes PUSH 0014B69A; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!ReleaseDC 7E36868D 6 Bytes PUSH 00152F74; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetDC 7E3686B7 4 Bytes [68, F6, 2E, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetDC + 5 7E3686BC 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!TranslateMessage 7E368BE6 6 Bytes PUSH 0013B87A; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetWindowDC 7E369011 4 Bytes [68, 35, 2F, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetWindowDC + 5 7E369016 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetMessageW 7E3691B6 6 Bytes PUSH 0013E697; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!PeekMessageW 7E36928B 6 Bytes PUSH 0013E6E7; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetCapture 7E3694CA 6 Bytes PUSH 0013E5F8; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!RegisterClassW 7E36A38A 6 Bytes PUSH 00156AE7; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!RegisterClassExW 7E36AF6F 6 Bytes PUSH 00156B81; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefWindowProcW 7E36B32C 6 Bytes PUSH 001567E3; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!BeginPaint 7E36B5F9 4 Bytes [68, EB, 2D, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!BeginPaint + 5 7E36B5FE 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!EndPaint 7E36B60D 4 Bytes [68, 5B, 2E, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!EndPaint + 5 7E36B612 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetCursorPos 7E36BD5E 6 Bytes PUSH 0013E4CA; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetMessagePos 7E36BF7C 6 Bytes PUSH 0013E498; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!CallWindowProcW 7E36C62E 6 Bytes PUSH 00156A19; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!PeekMessageA 7E36C950 6 Bytes PUSH 0013E712; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefWindowProcA 7E36D4D6 2 Bytes [68, 29] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefWindowProcA + 3 7E36D4D9 3 Bytes [15, 00, C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!SetCapture 7E36D6B6 4 Bytes [68, 4E, E5, 13] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!SetCapture + 5 7E36D6BB 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!ReleaseCapture 7E36D6D2 6 Bytes PUSH 0013E5A8; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetUpdateRect 7E36D6DF 6 Bytes PUSH 00152FB4; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetDCEx 7E36DF75 4 Bytes [68, 9B, 2E, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetDCEx + 5 7E36DF7A 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!CallWindowProcA 7E36E8CA 6 Bytes PUSH 00156A62; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetMessageA 7E371022 6 Bytes PUSH 0013E6BF; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!RegisterClassA 7E37146C 6 Bytes PUSH 00156B34; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!RegisterClassExA 7E3737D1 6 Bytes PUSH 00156BD3; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefDlgProcW 7E3741CA 6 Bytes PUSH 0015686F; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!OpenInputDesktop 7E3781CF 4 Bytes [68, 75, 67, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!OpenInputDesktop + 5 7E3781D4 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!SwitchDesktop 7E37AF56 4 Bytes [68, C5, 67, 15] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!SwitchDesktop + 5 7E37AF5B 1 Byte [C3] .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetUpdateRgn 7E37F5DC 6 Bytes PUSH 00153047; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefFrameProcW 7E380823 6 Bytes PUSH 001568FB; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefMDIChildProcW 7E380A37 6 Bytes PUSH 0015698D; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!GetClipboardData 7E380DAA 6 Bytes PUSH 0013BA29; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefDlgProcA 7E38E55F 6 Bytes PUSH 001568B5; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefFrameProcA 7E39F87D 6 Bytes PUSH 00156944; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!DefMDIChildProcA 7E39F8CC 6 Bytes PUSH 001569D3; RET .text C:\WINDOWS\notepad.exe[3904] USER32.dll!SetCursorPos 7E3A60D3 6 Bytes PUSH 0013E511; RET .text C:\WINDOWS\notepad.exe[3904] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013A736; RET .text C:\WINDOWS\notepad.exe[3904] WS2_32.dll!closesocket 71A53E2B 6 Bytes PUSH 0013AB25; RET .text C:\WINDOWS\notepad.exe[3904] WS2_32.dll!send 71A54C27 6 Bytes PUSH 0013AB5D; RET .text C:\WINDOWS\notepad.exe[3904] WS2_32.dll!gethostbyname 71A55355 6 Bytes PUSH 0013A6C6; RET .text C:\WINDOWS\notepad.exe[3904] WS2_32.dll!WSASend 71A568FA 6 Bytes PUSH 0013AB7E; RET .text C:\WINDOWS\notepad.exe[3904] CRYPT32.dll!PFXImportCertStore 77ADFF8F 6 Bytes PUSH 0013A407; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!InternetReadFile 3FD0654B 6 Bytes PUSH 0014F0E7; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpQueryInfoA 3FD0878D 6 Bytes PUSH 0014F21A; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!InternetCloseHandle 3FD09088 6 Bytes PUSH 0014F07A; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!InternetQueryDataAvailable 3FD0BF7F 6 Bytes PUSH 0014F1EE; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpOpenRequestA 3FD0D508 6 Bytes PUSH 0014EDBC; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpSendRequestW 3FD0FABE 6 Bytes PUSH 0014EE00; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpOpenRequestW 3FD0FBFB 6 Bytes PUSH 0014ED78; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpSendRequestA 3FD1EE89 6 Bytes PUSH 0014EE55; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!InternetReadFileExA 3FD23381 6 Bytes PUSH 0014F115; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!InternetSetFilePointer 3FD659F1 6 Bytes PUSH 0014F194; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpSendRequestExA 3FD7A75A 6 Bytes PUSH 0014EF47; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpSendRequestExW 3FD7A7B3 6 Bytes PUSH 0014EEAA; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpEndRequestA 3FD7A862 6 Bytes PUSH 0014EFE4; RET .text C:\WINDOWS\notepad.exe[3904] WININET.dll!HttpEndRequestW 3FD7A894 6 Bytes PUSH 0014F02F; RET ---- EOF - GMER 1.0.15 ----