GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-01 21:03:43 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 WDC_WD2000JS-00MHB0 rev.02.01C03 Running: lyn6qk1h.exe; Driver: C:\DOCUME~1\Ja\USTAWI~1\Temp\pfayifow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4937380, 0x5414D5, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAFF7B300, 0x3ACC8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB08B5300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01D0B1F0; RET .text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, D0, 01, C3] {RETF ; MOV BL, 0xd0; ADD EBX, EAX} .text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 01D0B634; RET .text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 01D0B5F3; RET .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 01D0B6B1; RET .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 01D0B69A; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01D12F74; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01D12EF6; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 01CFB87A; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01D12F35; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01CFE697; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01CFE6E7; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01CFE5F8; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01D16AE7; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01D16B81; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 01D167E3; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 01D12DEB; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 01D12E5B; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 01CFE4CA; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 01CFE498; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 01D16A19; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 01CFE712; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [D1, 01, C3] {ROL DWORD [ECX], 0x1; RET } .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 01CFE54E; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 01CFE5A8; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 01D12FB4; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 01D12E9B; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 01D16A62; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 01D16B34; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 01D16BD3; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 01D1686F; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 01D16775; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 01D167C5; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 01CFE6BF; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 01D13047; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 01D168FB; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 01D1698D; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 01CFBA29; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 01D168B5; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 01D16944; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 01D169D3; RET .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 01CFE511; RET .text C:\WINDOWS\Explorer.EXE[236] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 01CFA407; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 01D0EDBC; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 01D0F07A; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 01D0EE55; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 01D0F21A; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 01D0F0E7; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 01D0EEAA; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 01D0ED78; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 01D0F1EE; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 01D0F194; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 01D0F115; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 01D0EE00; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 01D0EF47; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 01D0EFE4; RET .text C:\WINDOWS\Explorer.EXE[236] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 01D0F02F; RET .text C:\WINDOWS\Explorer.EXE[236] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01CFA736; RET .text C:\WINDOWS\Explorer.EXE[236] WS2_32.dll!send 71A5428A 6 Bytes PUSH 01CFAB5D; RET .text C:\WINDOWS\Explorer.EXE[236] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 01CFA6C6; RET .text C:\WINDOWS\Explorer.EXE[236] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 01CFAB7E; RET .text C:\WINDOWS\Explorer.EXE[236] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 01CFAB25; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, A6] .text C:\WINDOWS\system32\nvraidservice.exe[368] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, A6] {RETF ; MOV BL, 0xa6} .text C:\WINDOWS\system32\nvraidservice.exe[368] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00A6B634; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00A6B5F3; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00A6B6B1; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00A6B69A; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00A72F74; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00A5B87A; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00A5E697; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00A5E6E7; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00A5E5F8; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00A76AE7; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00A76B81; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00A767E3; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00A5E4CA; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00A5E498; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00A76A19; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00A5E712; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [A7, 00, C3] {CMPSD ; ADD BL, AL} .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, A5] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00A5E5A8; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00A72FB4; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00A76A62; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00A76B34; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00A76BD3; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00A7686F; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, A7] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00A5E6BF; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00A73047; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00A768FB; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00A7698D; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00A5BA29; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00A768B5; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00A76944; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00A769D3; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00A5E511; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00A5A736; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00A5AB5D; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00A5A6C6; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00A5AB7E; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00A5AB25; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00A5A407; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00A6EDBC; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00A6F07A; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00A6EE55; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00A6F21A; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00A6F0E7; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00A6EEAA; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00A6ED78; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00A6F1EE; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00A6F194; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00A6F115; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00A6EE00; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00A6EF47; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00A6EFE4; RET .text C:\WINDOWS\system32\nvraidservice.exe[368] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00A6F02F; RET .text C:\WINDOWS\system32\rundll32.exe[376] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, BE] .text C:\WINDOWS\system32\rundll32.exe[376] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, BE] {RETF ; MOV BL, 0xbe} .text C:\WINDOWS\system32\rundll32.exe[376] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00BEB634; RET .text C:\WINDOWS\system32\rundll32.exe[376] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00BEB5F3; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00BF2F74; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00BDB87A; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00BDE697; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00BDE6E7; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00BDE5F8; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00BF6AE7; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00BF6B81; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00BF67E3; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00BDE4CA; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00BDE498; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00BF6A19; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00BDE712; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [BF, 00, C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, BD] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00BDE5A8; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00BF2FB4; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00BF6A62; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00BF6B34; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00BF6BD3; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00BF686F; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, BF] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00BDE6BF; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00BF3047; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00BF68FB; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00BF698D; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00BDBA29; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00BF68B5; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00BF6944; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00BF69D3; RET .text C:\WINDOWS\system32\rundll32.exe[376] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00BDE511; RET .text C:\WINDOWS\system32\rundll32.exe[376] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00BEB6B1; RET .text C:\WINDOWS\system32\rundll32.exe[376] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00BEB69A; RET .text C:\WINDOWS\system32\rundll32.exe[376] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00BDA407; RET .text C:\WINDOWS\system32\rundll32.exe[376] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00BDA736; RET .text C:\WINDOWS\system32\rundll32.exe[376] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00BDAB5D; RET .text C:\WINDOWS\system32\rundll32.exe[376] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00BDA6C6; RET .text C:\WINDOWS\system32\rundll32.exe[376] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00BDAB7E; RET .text C:\WINDOWS\system32\rundll32.exe[376] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00BDAB25; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00BEEDBC; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00BEF07A; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00BEEE55; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00BEF21A; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00BEF0E7; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00BEEEAA; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00BEED78; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00BEF1EE; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00BEF194; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00BEF115; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00BEEE00; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00BEEF47; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00BEEFE4; RET .text C:\WINDOWS\system32\rundll32.exe[376] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00BEF02F; RET .text C:\WINDOWS\RTHDCPL.EXE[488] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0476B1F0; RET .text C:\WINDOWS\RTHDCPL.EXE[488] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 76, 04, C3] {RETF ; MOV BL, 0x76; ADD AL, 0xc3} .text C:\WINDOWS\RTHDCPL.EXE[488] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0476B634; RET .text C:\WINDOWS\RTHDCPL.EXE[488] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0476B5F3; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 04772F74; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 04772EF6; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0475B87A; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 04772F35; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0475E697; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0475E6E7; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0475E5F8; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 04776AE7; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 04776B81; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 047767E3; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 04772DEB; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 04772E5B; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0475E4CA; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0475E498; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 04776A19; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0475E712; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [77, 04, C3] {JA 0x6; RET } .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 0475E54E; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0475E5A8; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 04772FB4; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 04772E9B; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 04776A62; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 04776B34; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 04776BD3; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0477686F; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 04776775; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 047767C5; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0475E6BF; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 04773047; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 047768FB; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0477698D; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0475BA29; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 047768B5; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 04776944; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 047769D3; RET .text C:\WINDOWS\RTHDCPL.EXE[488] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0475E511; RET .text C:\WINDOWS\RTHDCPL.EXE[488] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0476B6B1; RET .text C:\WINDOWS\RTHDCPL.EXE[488] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0476B69A; RET .text C:\WINDOWS\RTHDCPL.EXE[488] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0475A407; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0475A736; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0475AB5D; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0475A6C6; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0475AB7E; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0475AB25; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0476EDBC; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0476F07A; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0476EE55; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0476F21A; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0476F0E7; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0476EEAA; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0476ED78; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0476F1EE; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0476F194; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0476F115; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0476EE00; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0476EF47; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0476EFE4; RET .text C:\WINDOWS\RTHDCPL.EXE[488] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0476F02F; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0163B1F0; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 63, 01, C3] {RETF ; MOV BL, 0x63; ADD EBX, EAX} .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0163B634; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0163B5F3; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01642F74; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01642EF6; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0162B87A; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01642F35; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0162E697; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0162E6E7; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0162E5F8; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01646AE7; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01646B81; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 016467E3; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 01642DEB; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 01642E5B; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0162E4CA; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0162E498; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 01646A19; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0162E712; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [64, 01, C3] .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 0162E54E; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0162E5A8; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 01642FB4; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 01642E9B; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 01646A62; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 01646B34; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 01646BD3; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0164686F; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 01646775; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 016467C5; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0162E6BF; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 01643047; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 016468FB; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0164698D; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0162BA29; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 016468B5; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 01646944; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 016469D3; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0162E511; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0163B6B1; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0163B69A; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0162A407; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0162A736; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0162AB5D; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0162A6C6; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0162AB7E; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0162AB25; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0163EDBC; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0163F07A; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0163EE55; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0163F21A; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0163F0E7; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0163EEAA; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0163ED78; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0163F1EE; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0163F194; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0163F115; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0163EE00; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0163EF47; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0163EFE4; RET .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[504] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0163F02F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 9F] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 9F] {RETF ; MOV BL, 0x9f} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 009FB634; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 009FB5F3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 009FB6B1; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 009FB69A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00A02F74; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 009EB87A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 009EE697; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 009EE6E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 009EE5F8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00A06AE7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00A06B81; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00A067E3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 009EE4CA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 009EE498; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00A06A19; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 009EE712; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [A0, 00, C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 9E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 009EE5A8; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00A02FB4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00A06A62; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00A06B34; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00A06BD3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00A0686F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, A0] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 009EE6BF; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00A03047; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00A068FB; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00A0698D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 009EBA29; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00A068B5; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00A06944; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00A069D3; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 009EE511; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 009FEDBC; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 009FF07A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 009FEE55; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 009FF21A; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 009FF0E7; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 009FEEAA; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 009FED78; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 009FF1EE; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 009FF194; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 009FF115; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 009FEE00; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 009FEF47; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 009FEFE4; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 009FF02F; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 009EA407; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 009EA736; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WS2_32.dll!send 71A5428A 6 Bytes PUSH 009EAB5D; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 009EA6C6; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 009EAB7E; RET .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[544] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 009EAB25; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0139B1F0; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 39, 01, C3] {RETF ; MOV BL, 0x39; ADD EBX, EAX} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0139B634; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0139B5F3; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 013A2F74; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 013A2EF6; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0138B87A; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 013A2F35; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0138E697; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0138E6E7; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0138E5F8; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 013A6AE7; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 013A6B81; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 013A67E3; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 013A2DEB; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 013A2E5B; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0138E4CA; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0138E498; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 013A6A19; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0138E712; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [3A, 01, C3] {CMP AL, [ECX]; RET } .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 0138E54E; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0138E5A8; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 013A2FB4; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 013A2E9B; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 013A6A62; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 013A6B34; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 013A6BD3; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 013A686F; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 013A6775; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 013A67C5; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0138E6BF; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 013A3047; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 013A68FB; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 013A698D; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0138BA29; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 013A68B5; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 013A6944; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 013A69D3; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0138E511; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0139B6B1; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0139B69A; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0138A736; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0138AB5D; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0138A6C6; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0138AB7E; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0138AB25; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0138A407; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0139EDBC; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0139F07A; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0139EE55; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0139F21A; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0139F0E7; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0139EEAA; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0139ED78; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0139F1EE; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0139F194; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0139F115; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0139EE00; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0139EF47; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0139EFE4; RET .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[552] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0139F02F; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0241B1F0; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 41, 02, C3] {RETF ; MOV BL, 0x41; ADD AL, BL} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0241B634; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0241B5F3; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 02422F74; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 02422EF6; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0240B87A; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 02422F35; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0240E697; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0240E6E7; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0240E5F8; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 02426AE7; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 02426B81; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 024267E3; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 02422DEB; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 02422E5B; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0240E4CA; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0240E498; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 02426A19; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0240E712; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [42, 02, C3] {INC EDX; ADD AL, BL} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 0240E54E; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0240E5A8; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 02422FB4; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 02422E9B; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 02426A62; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 02426B34; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 02426BD3; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0242686F; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 02426775; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 024267C5; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0240E6BF; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 02423047; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 024268FB; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0242698D; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0240BA29; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 024268B5; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 02426944; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 024269D3; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0240E511; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0241B6B1; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0241B69A; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0240A407; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0240A736; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0240AB5D; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0240A6C6; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0240AB7E; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0240AB25; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0241EDBC; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0241F07A; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0241EE55; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0241F21A; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0241F0E7; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0241EEAA; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0241ED78; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0241F1EE; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0241F194; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0241F115; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0241EE00; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0241EF47; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0241EFE4; RET .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[600] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0241F02F; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 0145B1F0; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 45, 01, C3] {RETF ; MOV BL, 0x45; ADD EBX, EAX} .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0145B634; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0145B5F3; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0145B6B1; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0145B69A; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01462F74; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01462EF6; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0144B87A; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01462F35; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0144E697; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0144E6E7; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0144E5F8; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01466AE7; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01466B81; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 014667E3; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 01462DEB; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 01462E5B; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0144E4CA; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0144E498; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 01466A19; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0144E712; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [46, 01, C3] {INC ESI; ADD EBX, EAX} .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 0144E54E; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0144E5A8; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 01462FB4; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 01462E9B; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 01466A62; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 01466B34; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 01466BD3; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0146686F; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 01466775; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 014667C5; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0144E6BF; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 01463047; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 014668FB; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0146698D; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0144BA29; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 014668B5; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 01466944; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 014669D3; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0144E511; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0144A736; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0144AB5D; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0144A6C6; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0144AB7E; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0144AB25; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0144A407; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0145EDBC; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0145F07A; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0145EE55; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0145F21A; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0145F0E7; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0145EEAA; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0145ED78; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0145F1EE; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0145F194; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0145F115; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0145EE00; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0145EF47; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0145EFE4; RET .text E:\Programy użytkowe\Quick Time 7\iTunesHelper.exe[1308] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0145F02F; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 01D1B1F0; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, D1, 01, C3] {RETF ; MOV BL, 0xd1; ADD EBX, EAX} .text C:\WINDOWS\system32\cozewooh.exe[1356] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 01D1B634; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 01D1B5F3; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 01D22F74; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 01D22EF6; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 01D0B87A; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 01D22F35; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 01D0E697; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 01D0E6E7; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 01D0E5F8; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 01D26AE7; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 01D26B81; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 01D267E3; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 01D22DEB; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 01D22E5B; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 01D0E4CA; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 01D0E498; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 01D26A19; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 01D0E712; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [D2, 01, C3] {ROL BYTE [ECX], CL; RET } .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 01D0E54E; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 01D0E5A8; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 01D22FB4; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 01D22E9B; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 01D26A62; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 01D26B34; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 01D26BD3; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 01D2686F; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 01D26775; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 01D267C5; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 01D0E6BF; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 01D23047; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 01D268FB; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 01D2698D; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 01D0BA29; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 01D268B5; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 01D26944; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 01D269D3; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 01D0E511; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 01D1B6B1; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 01D1B69A; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 01D0A736; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WS2_32.dll!send 71A5428A 6 Bytes PUSH 01D0AB5D; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 01D0A6C6; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 01D0AB7E; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 01D0AB25; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 01D1EDBC; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 01D1F07A; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 01D1EE55; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 01D1F21A; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 01D1F0E7; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 01D1EEAA; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 01D1ED78; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 01D1F1EE; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 01D1F194; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 01D1F115; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 01D1EE00; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 01D1EF47; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 01D1EFE4; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 01D1F02F; RET .text C:\WINDOWS\system32\cozewooh.exe[1356] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 01D0A407; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, F9] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, F9] {RETF ; MOV BL, 0xf9} .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00F9B634; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00F9B5F3; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00FA2F74; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00F8B87A; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00F8E697; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00F8E6E7; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00F8E5F8; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00FA6AE7; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00FA6B81; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00FA67E3; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00F8E4CA; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00F8E498; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00FA6A19; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00F8E712; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [FA, 00, C3] {CLI ; ADD BL, AL} .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, F8] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00F8E5A8; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00FA2FB4; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00FA6A62; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00FA6B34; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00FA6BD3; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00FA686F; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, FA] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00F8E6BF; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00FA3047; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00FA68FB; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00FA698D; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00F8BA29; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00FA68B5; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00FA6944; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00FA69D3; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00F8E511; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00F9B6B1; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00F9B69A; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00F8A736; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00F8AB5D; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00F8A6C6; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00F8AB7E; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00F8AB25; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00F9EDBC; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00F9F07A; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00F9EE55; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00F9F21A; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00F9F0E7; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00F9EEAA; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00F9ED78; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00F9F1EE; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00F9F194; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00F9F115; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00F9EE00; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00F9EF47; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00F9EFE4; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00F9F02F; RET .text C:\Program Files\Logitech\Klawiatura\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1432] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00F8A407; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, FB] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, FB] {RETF ; MOV BL, 0xfb} .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00FBB634; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00FBB5F3; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00FBB6B1; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00FBB69A; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00FC2F74; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00FAB87A; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00FAE697; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00FAE6E7; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00FAE5F8; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00FC6AE7; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00FC6B81; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00FC67E3; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00FAE4CA; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00FAE498; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00FC6A19; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00FAE712; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [FC, 00, C3] {CLD ; ADD BL, AL} .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, FA] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00FAE5A8; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00FC2FB4; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00FC6A62; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00FC6B34; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00FC6BD3; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00FC686F; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, FC] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00FAE6BF; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00FC3047; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00FC68FB; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00FC698D; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00FABA29; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00FC68B5; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00FC6944; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00FC69D3; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00FAE511; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00FBEDBC; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00FBF07A; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00FBEE55; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00FBF21A; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00FBF0E7; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00FBEEAA; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00FBED78; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00FBF1EE; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00FBF194; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00FBF115; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00FBEE00; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00FBEF47; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00FBEFE4; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00FBF02F; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00FAA407; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00FAA736; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00FAAB5D; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00FAA6C6; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00FAAB7E; RET .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1436] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00FAAB25; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, B2] .text C:\WINDOWS\system32\ctfmon.exe[1468] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, B2] {RETF ; MOV BL, 0xb2} .text C:\WINDOWS\system32\ctfmon.exe[1468] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00B2B634; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00B2B5F3; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00B2B6B1; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00B2B69A; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00B32F74; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00B1B87A; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00B1E697; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00B1E6E7; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00B1E5F8; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00B36AE7; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00B36B81; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00B367E3; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00B1E4CA; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00B1E498; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00B36A19; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00B1E712; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [B3, 00, C3] {MOV BL, 0x0; RET } .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, B1] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00B1E5A8; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00B32FB4; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00B36A62; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00B36B34; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00B36BD3; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00B3686F; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, B3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00B1E6BF; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00B33047; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00B368FB; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00B3698D; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00B1BA29; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00B368B5; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00B36944; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00B369D3; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00B1E511; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00B1A736; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00B1AB5D; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00B1A6C6; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00B1AB7E; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00B1AB25; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00B1A407; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00B2EDBC; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00B2F07A; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00B2EE55; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00B2F21A; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00B2F0E7; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00B2EEAA; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00B2ED78; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00B2F1EE; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00B2F194; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00B2F115; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00B2EE00; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00B2EF47; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00B2EFE4; RET .text C:\WINDOWS\system32\ctfmon.exe[1468] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00B2F02F; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, C0] .text C:\WINDOWS\system32\wuauclt.exe[1516] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, C0] {RETF ; MOV BL, 0xc0} .text C:\WINDOWS\system32\wuauclt.exe[1516] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00C0B634; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00C0B5F3; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00C0B6B1; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00C0B69A; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00C12F74; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00BFB87A; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00BFE697; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00BFE6E7; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00BFE5F8; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00C16AE7; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00C16B81; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00C167E3; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00BFE4CA; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00BFE498; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00C16A19; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00BFE712; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [C1, 00, C3] {ROL DWORD [EAX], 0xc3} .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, BF] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00BFE5A8; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00C12FB4; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00C16A62; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00C16B34; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00C16BD3; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00C1686F; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, C1] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00BFE6BF; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00C13047; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00C168FB; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00C1698D; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00BFBA29; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00C168B5; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00C16944; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00C169D3; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00BFE511; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00BFA407; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00BFA736; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00BFAB5D; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00BFA6C6; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00BFAB7E; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00BFAB25; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00C0EDBC; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00C0F07A; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00C0EE55; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00C0F21A; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00C0F0E7; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00C0EEAA; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00C0ED78; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00C0F1EE; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00C0F194; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00C0F115; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00C0EE00; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00C0EF47; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00C0EFE4; RET .text C:\WINDOWS\system32\wuauclt.exe[1516] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00C0F02F; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, EA] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, EA] {RETF ; MOV BL, 0xea} .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00EAB634; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00EAB5F3; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00EB2F74; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00E9B87A; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00E9E697; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00E9E6E7; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00E9E5F8; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00EB6AE7; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00EB6B81; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00EB67E3; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00E9E4CA; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00E9E498; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00EB6A19; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00E9E712; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [EB, 00, C3] {JMP 0x2; RET } .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, E9] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00E9E5A8; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00EB2FB4; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00EB6A62; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00EB6B34; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00EB6BD3; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00EB686F; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, EB] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00E9E6BF; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00EB3047; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00EB68FB; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00EB698D; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00E9BA29; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00EB68B5; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00EB6944; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00EB69D3; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00E9E511; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00EAB6B1; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00EAB69A; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00EAEDBC; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00EAF07A; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00EAEE55; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00EAF21A; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00EAF0E7; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00EAEEAA; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00EAED78; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00EAF1EE; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00EAF194; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00EAF115; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00EAEE00; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00EAEF47; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00EAEFE4; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00EAF02F; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00E9A407; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00E9A736; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00E9AB5D; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00E9A6C6; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00E9AB7E; RET .text E:\Programy użytkowe\Kies\KiesTrayAgent.exe[1704] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00E9AB25; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 015EB1F0; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, 5E, 01, C3] {RETF ; MOV BL, 0x5e; ADD EBX, EAX} .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 015EB634; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 015EB5F3; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 015EB6B1; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 015EB69A; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 015F2F74; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 015F2EF6; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 015DB87A; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 015F2F35; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 015DE697; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 015DE6E7; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 015DE5F8; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 015F6AE7; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 015F6B81; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 015F67E3; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 015F2DEB; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 015F2E5B; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 015DE4CA; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 015DE498; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 015F6A19; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 015DE712; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [5F, 01, C3] {POP EDI; ADD EBX, EAX} .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 015DE54E; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 015DE5A8; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 015F2FB4; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 015F2E9B; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 015F6A62; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 015F6B34; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 015F6BD3; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 015F686F; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 015F6775; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 015F67C5; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 015DE6BF; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 015F3047; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 015F68FB; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 015F698D; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 015DBA29; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 015F68B5; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 015F6944; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 015F69D3; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 015DE511; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 015DA736; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WS2_32.dll!send 71A5428A 6 Bytes PUSH 015DAB5D; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 015DA6C6; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 015DAB7E; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 015DAB25; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 015DA407; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 015EEDBC; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 015EF07A; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 015EEE55; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 015EF21A; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 015EF0E7; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 015EEEAA; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 015EED78; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 015EF1EE; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 015EF194; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 015EF115; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 015EEE00; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 015EEF47; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 015EEFE4; RET .text E:\Programy użytkowe\Belkin\Bluetooth Software\BTTray.exe[1724] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 015EF02F; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, B1] .text C:\WINDOWS\system32\wuauclt.exe[1784] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, B1] {RETF ; MOV BL, 0xb1} .text C:\WINDOWS\system32\wuauclt.exe[1784] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00B1B634; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00B1B5F3; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00B1B6B1; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00B1B69A; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00B22F74; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00B0B87A; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00B0E697; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00B0E6E7; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00B0E5F8; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00B26AE7; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00B26B81; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00B267E3; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00B0E4CA; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00B0E498; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00B26A19; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00B0E712; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [B2, 00, C3] {MOV DL, 0x0; RET } .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, B0] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00B0E5A8; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00B22FB4; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00B26A62; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00B26B34; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00B26BD3; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00B2686F; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, B2] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00B0E6BF; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00B23047; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00B268FB; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00B2698D; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00B0BA29; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00B268B5; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00B26944; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00B269D3; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00B0E511; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00B1EDBC; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00B1F07A; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00B1EE55; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00B1F21A; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00B1F0E7; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00B1EEAA; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00B1ED78; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00B1F1EE; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00B1F194; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00B1F115; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00B1EE00; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00B1EF47; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00B1EFE4; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00B1F02F; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00B0A407; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00B0A736; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00B0AB5D; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00B0A6C6; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00B0AB7E; RET .text C:\WINDOWS\system32\wuauclt.exe[1784] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00B0AB25; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] ntdll.dll!NtCreateThread 7C90D1AE 6 Bytes PUSH 03A5B1F0; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] ntdll.dll!LdrLoadDll + 1 7C915CBC 5 Bytes [CB, B3, A5, 03, C3] {RETF ; MOV BL, 0xa5; ADD EAX, EBX} .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] ntdll.dll!DbgUiRemoteBreakin 7C951E0B 1 Byte [C3] .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] KERNEL32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 03A5B634; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] KERNEL32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 03A5B5F3; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 03A5B6B1; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 03A5B69A; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 03A62F74; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetDC 7E3686C7 6 Bytes PUSH 03A62EF6; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 03A4B87A; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetWindowDC 7E369021 6 Bytes PUSH 03A62F35; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 03A4E697; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 03A4E6E7; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 03A4E5F8; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 03A66AE7; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 03A66B81; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 03A667E3; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!BeginPaint 7E36B609 6 Bytes PUSH 03A62DEB; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!EndPaint 7E36B61D 6 Bytes PUSH 03A62E5B; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 03A4E4CA; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 03A4E498; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 03A66A19; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 03A4E712; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [A6, 03, C3] {CMPSB ; ADD EAX, EBX} .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!SetCapture 7E36D6CE 6 Bytes PUSH 03A4E54E; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 03A4E5A8; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 03A62FB4; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetDCEx 7E36E875 6 Bytes PUSH 03A62E9B; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 03A66A62; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 03A66B34; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 03A66BD3; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 03A6686F; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!OpenInputDesktop 7E377C7A 6 Bytes PUSH 03A66775; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!SwitchDesktop 7E379496 6 Bytes PUSH 03A667C5; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 03A4E6BF; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 03A63047; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 03A668FB; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 03A6698D; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 03A4BA29; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 03A668B5; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 03A66944; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 03A669D3; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 03A4E511; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 03A4A407; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 03A4A736; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WS2_32.dll!send 71A5428A 6 Bytes PUSH 03A4AB5D; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 03A4A6C6; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 03A4AB7E; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 03A4AB25; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 03A5EDBC; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 03A5F07A; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 03A5EE55; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 03A5F21A; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 03A5F0E7; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 03A5EEAA; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 03A5ED78; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 03A5F1EE; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 03A5F194; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 03A5F115; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 03A5EE00; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 03A5EF47; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 03A5EFE4; RET .text E:\Programy użytkowe\Kies\External\FirmwareUpdate\KiesPDLR.exe[1992] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 03A5F02F; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, D5] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, D5] {RETF ; MOV BL, 0xd5} .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 00D5B634; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 00D5B5F3; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 00D5B6B1; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 00D5B69A; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00D62F74; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 00D4B87A; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 00D4E697; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 00D4E6E7; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 00D4E5F8; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00D66AE7; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00D66B81; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 00D667E3; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 00D4E4CA; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 00D4E498; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00D66A19; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 00D4E712; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [D6, 00, C3] {SALC ; ADD BL, AL} .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, D4] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 00D4E5A8; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00D62FB4; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00D66A62; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00D66B34; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00D66BD3; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 00D6686F; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, D6] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 00D4E6BF; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00D63047; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 00D668FB; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 00D6698D; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 00D4BA29; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 00D668B5; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00D66944; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 00D669D3; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 00D4E511; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 00D4A736; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WS2_32.dll!send 71A5428A 6 Bytes PUSH 00D4AB5D; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 00D4A6C6; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 00D4AB7E; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 00D4AB25; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 00D4A407; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 00D5EDBC; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 00D5F07A; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 00D5EE55; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 00D5F21A; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 00D5F0E7; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 00D5EEAA; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 00D5ED78; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 00D5F1EE; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 00D5F194; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 00D5F115; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 00D5EE00; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 00D5EF47; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 00D5EFE4; RET .text E:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2308] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 00D5F02F; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 8B] .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 8B] {RETF ; MOV BL, 0x8b} .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!GetFileAttributesExW 7C811105 3 Bytes [68, 34, B6] .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!GetFileAttributesExW + 4 7C811109 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!ExitProcess 7C81CDEA 3 Bytes [68, F3, B5] .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!ExitProcess + 4 7C81CDEE 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 008C2F74; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 008AB87A; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 008AE697; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 008AE6E7; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 008AE5F8; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 008C6AE7; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 008C6B81; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 008C67E3; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 008AE4CA; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 008AE498; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 008C6A19; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 008AE712; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [8C, 00, C3] {MOV WORD [EAX], ES; RET } .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 8A] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 008AE5A8; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 008C2FB4; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 008C6A62; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 008C6B34; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 008C6BD3; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 008C686F; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, 8C] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 008AE6BF; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 008C3047; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 008C68FB; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 008C698D; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 008ABA29; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 008C68B5; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 008C6944; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 008C69D3; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 008AE511; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 3 Bytes [68, B1, B6] .text C:\WINDOWS\system32\wscntfy.exe[3148] ADVAPI32.dll!CreateProcessAsUserW + 4 77DE6289 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 3 Bytes [68, 9A, B6] .text C:\WINDOWS\system32\wscntfy.exe[3148] ADVAPI32.dll!CreateProcessAsUserA + 4 77E009B4 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 008AA736; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WS2_32.dll!send 71A5428A 6 Bytes PUSH 008AAB5D; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 008AA6C6; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 008AAB7E; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 008AAB25; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 008AA407; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpOpenRequestA 771B3674 3 Bytes [68, BC, ED] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpOpenRequestA + 4 771B3678 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetCloseHandle 771B4D3C 3 Bytes [68, 7A, F0] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetCloseHandle + 4 771B4D40 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestA 771B60C9 3 Bytes [68, 55, EE] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestA + 4 771B60CD 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 008BF21A; RET .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetReadFile 771B827C 3 Bytes [68, E7, F0] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetReadFile + 4 771B8280 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestExW 771BE989 3 Bytes [68, AA, EE] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestExW + 4 771BE98D 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpOpenRequestW 771BF3BE 3 Bytes [68, 78, ED] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpOpenRequestW + 4 771BF3C2 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetQueryDataAvailable 771C8A37 3 Bytes [68, EE, F1] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetQueryDataAvailable + 4 771C8A3B 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetSetFilePointer 771E7999 3 Bytes [68, 94, F1] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetSetFilePointer + 4 771E799D 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetReadFileExA 771E868E 3 Bytes [68, 15, F1] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!InternetReadFileExA + 4 771E8692 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestW 772023AC 3 Bytes [68, 00, EE] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestW + 4 772023B0 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestExA 772024B1 3 Bytes [68, 47, EF] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpSendRequestExA + 4 772024B5 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpEndRequestA 77202517 3 Bytes [68, E4, EF] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpEndRequestA + 4 7720251B 2 Bytes [00, C3] {ADD BL, AL} .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpEndRequestW 77202549 3 Bytes [68, 2F, F0] .text C:\WINDOWS\system32\wscntfy.exe[3148] WININET.dll!HttpEndRequestW + 4 7720254D 2 Bytes [00, C3] {ADD BL, AL} .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 15] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 15] {RETF ; MOV BL, 0x15} .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0015B634; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0015B5F3; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00162F74; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0014B87A; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0014E697; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0014E6E7; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0014E5F8; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00166AE7; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00166B81; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 001667E3; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0014E4CA; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0014E498; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00166A19; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0014E712; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [16, 00, C3] {PUSH SS; ADD BL, AL} .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 14] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0014E5A8; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00162FB4; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00166A62; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00166B34; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00166BD3; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0016686F; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, 16] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0014E6BF; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00163047; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 001668FB; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0016698D; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0014BA29; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 001668B5; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00166944; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 001669D3; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0014E511; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0015B6B1; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0015B69A; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0014A736; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0014AB5D; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0014A6C6; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0014AB7E; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0014AB25; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0014A407; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0015EDBC; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0015F07A; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0015EE55; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0015F21A; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0015F0E7; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0015EEAA; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0015ED78; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0015F1EE; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0015F194; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0015F115; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0015EE00; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0015EF47; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0015EFE4; RET .text E:\Programy użytkowe\lyn6qk1h.exe[3272] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0015F02F; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 14] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 14] {RETF ; MOV BL, 0x14} .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0014B634; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0014B5F3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013A736; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0013AB5D; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0013A6C6; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0013AB7E; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0013AB25; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0014B6B1; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0014B69A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00152F74; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0013B87A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0013E697; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0013E6E7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0013E5F8; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00156AE7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00156B81; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 001567E3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0013E4CA; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0013E498; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00156A19; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0013E712; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [15, 00, C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 13] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0013E5A8; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00152FB4; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00156A62; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00156B34; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00156BD3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0015686F; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0013E6BF; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00153047; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 001568FB; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0015698D; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0013BA29; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 001568B5; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00156944; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 001569D3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] user32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0013E511; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0013A407; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0014EDBC; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0014F07A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0014EE55; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0014F21A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0014F0E7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0014EEAA; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0014ED78; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0014F1EE; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0014F194; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0014F115; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0014EE00; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0014EF47; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0014EFE4; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\xuopxhygwmu9407EAF3.tmp[3628] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0014F02F; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 14] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 14] {RETF ; MOV BL, 0x14} .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0014B634; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0014B5F3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0013A736; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0013AB5D; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0013A6C6; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0013AB7E; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0013AB25; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0014B6B1; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0014B69A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00152F74; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0013B87A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0013E697; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0013E6E7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0013E5F8; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00156AE7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00156B81; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 001567E3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0013E4CA; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0013E498; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00156A19; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0013E712; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [15, 00, C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 13] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0013E5A8; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00152FB4; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00156A62; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00156B34; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00156BD3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0015686F; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, 15] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0013E6BF; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00153047; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 001568FB; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0015698D; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0013BA29; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 001568B5; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00156944; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 001569D3; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] user32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0013E511; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0013A407; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0014EDBC; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0014F07A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0014EE55; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0014F21A; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0014F0E7; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0014EEAA; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0014ED78; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0014F1EE; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0014F194; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0014F115; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0014EE00; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0014EF47; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0014EFE4; RET .text C:\DOCUME~1\Ja\USTAWI~1\Temp\zocr1A54BBC4.tmp[3856] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0014F02F; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ntdll.dll!NtCreateThread 7C90D1AE 4 Bytes [68, F0, B1, 15] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ntdll.dll!NtCreateThread + 5 7C90D1B3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ntdll.dll!LdrLoadDll + 1 7C915CBC 3 Bytes [CB, B3, 15] {RETF ; MOV BL, 0x15} .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ntdll.dll!LdrLoadDll + 5 7C915CC0 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] kernel32.dll!GetFileAttributesExW 7C811105 6 Bytes PUSH 0015B634; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] kernel32.dll!ExitProcess 7C81CDEA 6 Bytes PUSH 0015B5F3; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ADVAPI32.dll!CreateProcessAsUserW 77DE6285 6 Bytes PUSH 0015B6B1; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] ADVAPI32.dll!CreateProcessAsUserA 77E009B0 6 Bytes PUSH 0015B69A; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] CRYPT32.dll!PFXImportCertStore 77ADF748 6 Bytes PUSH 0014A407; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!ReleaseDC 7E36869D 6 Bytes PUSH 00162F74; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetDC 7E3686C7 4 Bytes [68, F6, 2E, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetDC + 5 7E3686CC 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!TranslateMessage 7E368BF6 6 Bytes PUSH 0014B87A; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetWindowDC 7E369021 4 Bytes [68, 35, 2F, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetWindowDC + 5 7E369026 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetMessageW 7E3691C6 6 Bytes PUSH 0014E697; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!PeekMessageW 7E36929B 6 Bytes PUSH 0014E6E7; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetCapture 7E3694DA 6 Bytes PUSH 0014E5F8; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!RegisterClassW 7E36A39A 6 Bytes PUSH 00166AE7; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes PUSH 00166B81; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefWindowProcW 7E36B33C 6 Bytes PUSH 001667E3; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!BeginPaint 7E36B609 4 Bytes [68, EB, 2D, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!BeginPaint + 5 7E36B60E 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!EndPaint 7E36B61D 4 Bytes [68, 5B, 2E, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!EndPaint + 5 7E36B622 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetCursorPos 7E36BD76 6 Bytes PUSH 0014E4CA; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetMessagePos 7E36BF94 6 Bytes PUSH 0014E498; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!CallWindowProcW 7E36C64A 6 Bytes PUSH 00166A19; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!PeekMessageA 7E36C96C 6 Bytes PUSH 0014E712; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefWindowProcA 7E36D4EE 2 Bytes [68, 29] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefWindowProcA + 3 7E36D4F1 3 Bytes [16, 00, C3] {PUSH SS; ADD BL, AL} .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!SetCapture 7E36D6CE 4 Bytes [68, 4E, E5, 14] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!SetCapture + 5 7E36D6D3 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!ReleaseCapture 7E36D6EA 6 Bytes PUSH 0014E5A8; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetUpdateRect 7E36D6F7 6 Bytes PUSH 00162FB4; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetDCEx 7E36E875 4 Bytes [68, 9B, 2E, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetDCEx + 5 7E36E87A 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!CallWindowProcA 7E36F642 6 Bytes PUSH 00166A62; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!RegisterClassA 7E370A36 6 Bytes PUSH 00166B34; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!RegisterClassExA 7E372DA0 6 Bytes PUSH 00166BD3; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefDlgProcW 7E37379A 6 Bytes PUSH 0016686F; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!OpenInputDesktop 7E377C7A 4 Bytes [68, 75, 67, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!OpenInputDesktop + 5 7E377C7F 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!SwitchDesktop 7E379496 4 Bytes [68, C5, 67, 16] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!SwitchDesktop + 5 7E37949B 1 Byte [C3] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetMessageA 7E37E002 6 Bytes PUSH 0014E6BF; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetUpdateRgn 7E37F5AC 6 Bytes PUSH 00163047; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefFrameProcW 7E3807F3 6 Bytes PUSH 001668FB; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefMDIChildProcW 7E380A07 6 Bytes PUSH 0016698D; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!GetClipboardData 7E380D7A 6 Bytes PUSH 0014BA29; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefDlgProcA 7E38E53F 6 Bytes PUSH 001668B5; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefFrameProcA 7E39F705 6 Bytes PUSH 00166944; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!DefMDIChildProcA 7E39F754 6 Bytes PUSH 001669D3; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] USER32.dll!SetCursorPos 7E3A5F53 6 Bytes PUSH 0014E511; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpOpenRequestA 771B3674 6 Bytes PUSH 0015EDBC; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!InternetCloseHandle 771B4D3C 6 Bytes PUSH 0015F07A; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpSendRequestA 771B60C9 6 Bytes PUSH 0015EE55; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpQueryInfoA 771B7992 6 Bytes PUSH 0015F21A; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!InternetReadFile 771B827C 6 Bytes PUSH 0015F0E7; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpSendRequestExW 771BE989 6 Bytes PUSH 0015EEAA; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpOpenRequestW 771BF3BE 6 Bytes PUSH 0015ED78; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!InternetQueryDataAvailable 771C8A37 6 Bytes PUSH 0015F1EE; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!InternetSetFilePointer 771E7999 6 Bytes PUSH 0015F194; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!InternetReadFileExA 771E868E 6 Bytes PUSH 0015F115; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpSendRequestW 772023AC 6 Bytes PUSH 0015EE00; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpSendRequestExA 772024B1 6 Bytes PUSH 0015EF47; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpEndRequestA 77202517 6 Bytes PUSH 0015EFE4; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WININET.dll!HttpEndRequestW 77202549 6 Bytes PUSH 0015F02F; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WS2_32.dll!getaddrinfo 71A52A6F 6 Bytes PUSH 0014A736; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WS2_32.dll!send 71A5428A 6 Bytes PUSH 0014AB5D; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WS2_32.dll!gethostbyname 71A54FD4 6 Bytes PUSH 0014A6C6; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WS2_32.dll!WSASend 71A56233 6 Bytes PUSH 0014AB7E; RET .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4036] WS2_32.dll!closesocket 71A59639 6 Bytes PUSH 0014AB25; RET ---- Devices - GMER 1.0.15 ---- Device \Driver\prodrv06 \Device\ProDrv06 E1C17288 Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\prohlp02 \Device\ProHlp02 E16B7338 Device ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6e4d58 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy u?ytkowe\DaemonTools\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x29 0xC3 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x91 0x3F 0xA0 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x1B 0xA2 0xEE ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a6e4d58 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Programy u?ytkowe\DaemonTools\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x29 0xC3 0x37 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x91 0x3F 0xA0 0x57 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0x1B 0xA2 0xEE ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{445A672B-4FF8-FA1E-5A58-749BEE1EA3B1} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{445A672B-4FF8-FA1E-5A58-749BEE1EA3B1}@jaemfflniejmlbmpklia 0x6B 0x61 0x62 0x64 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{445A672B-4FF8-FA1E-5A58-749BEE1EA3B1}@jalmemdbldbddpbakaab 0x69 0x61 0x62 0x64 ... ---- EOF - GMER 1.0.15 ----