GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-22 13:10:48 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9320325AS rev.0003SDM1 298,09GB Running: bbxprnx9.exe; Driver: C:\Users\MG\AppData\Local\Temp\pxldipow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAddBootEntry [0x90439A10] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcConnectPort [0x90439ED8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcSendWaitReceivePort [0x9043C398] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwConnectPort [0x9043B22A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateSection [0x9043AE84] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThread [0x9043A9F0] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThreadEx [0x9043A2EA] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteBootEntry [0x90439A7C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteFile [0x9043A0B0] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeviceIoControlFile [0x90439450] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDuplicateObject [0x904396B4] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwFsControlFile [0x9043A050] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateClientOfPort [0x9043A016] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateThread [0x90439FD4] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwLoadDriver [0x9043BDD8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwMapViewOfSection [0x9043BC3C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwModifyBootEntry [0x90439A46] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenProcess [0x9043BFA6] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenSection [0x9043A92C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenThread [0x9043B11E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwProtectVirtualMemory [0x9043AACE] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwQueueApcThread [0x9043950E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwReplaceKey [0x90439B9E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRequestWaitReplyPort [0x9043C264] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRestoreKey [0x90439AE8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSecureConnectPort [0x9043B314] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetBootOptions [0x90439AB2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetContextThread [0x90439572] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetInformationFile [0x9043A114] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetSystemInformation [0x9043AD5C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwShutdownSystem [0x904399C8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSystemDebugControl [0x904395E4] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwTerminateProcess [0x90430000] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwTerminateThread [0x90430023] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwWriteVirtualMemory [0x9043BE92] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 83C54B75 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83C8EC12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83C95FD0 4 Bytes [10, 9A, 43, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83C96004 4 Bytes [D8, 9E, 43, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83C96048 4 Bytes [98, C3, 43, 90] {CWDE ; RET ; INC EBX; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83C96098 4 Bytes [2A, B2, 43, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 83C960FC 4 Bytes [84, AE, 43, 90] .text ... ? system32\drivers\58730846.sys System nie może odnaleźć określonej ścieżki. ! .hgjhgj1˙˙˙˙SpySheltentry point in ".hgjhgj1˙˙˙˙SpySheltentry point in "" section [0x904F1675] C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys entry point in ".hgjhgj1˙˙˙˙SpySheltentry point in "" section [0x904F1675] .ewrere1˙˙˙˙Spysheltentry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x9186CEE1] C:\Program Files\SpyShelter Free Anti-keylogger\SpyshelterKb.sys entry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x9186CEE1] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9B43A000, 0x187DA6, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [88, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8B, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [85, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7C, 71] {JL 0x73} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [82, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8F, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [76, 71] {JBE 0x73} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [79, 71] {JNS 0x73} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [73, 71] {JAE 0x73} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] advapi32.DLL!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Sandboxie\SbieCtrl.exe[944] advapi32.DLL!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [88, 71] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8B, 71] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [85, 71] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7F, 71] {JG 0x73} .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7C, 71] {JL 0x73} .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [82, 71] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8E, 71] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [79, 71] {JNS 0x73} .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [73, 71] {JAE 0x73} .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Windows\system32\taskeng.exe[1176] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskeng.exe[1176] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\taskeng.exe[1176] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskeng.exe[1176] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Emsisoft Internet Security\a2service.exe[1540] ntdll.dll!RtlFreeActivationContextStack + 44 777BF5F6 7 Bytes JMP 08B5BA84 C:\Program Files\Emsisoft Internet Security\a2update.dll .text C:\Program Files\Emsisoft Internet Security\a2service.exe[1540] kernel32.dll!GetSystemInfo + B 7740DDBD 7 Bytes JMP 08B5B870 C:\Program Files\Emsisoft Internet Security\a2update.dll .text C:\Program Files\Emsisoft Internet Security\a2service.exe[1540] kernel32.dll!GetSystemTime + B 7740EB5C 7 Bytes JMP 08AFB71C C:\Program Files\Emsisoft Internet Security\a2update.dll .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [6A, 71] {PUSH 0x71} .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [6D, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [67, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [61, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [5E, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [64, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [70, 71] {JO 0x73} .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [58, 71] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [5B, 71] .text C:\Windows\system32\Dwm.exe[1704] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [55, 71] .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!SendInput + 4 76B97035 2 Bytes [98, 71] .text C:\Windows\system32\Dwm.exe[1704] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\Dwm.exe[1704] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [4B, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [4E, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [48, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [42, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [3F, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [45, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [51, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [39, 71] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [3C, 71] {CMP AL, 0x71} .text C:\Windows\Explorer.EXE[1720] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [36, 71] .text C:\Windows\Explorer.EXE[1720] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[1720] USER32.dll!SendInput + 4 76B97035 2 Bytes [72, 71] {JB 0x73} .text C:\Windows\Explorer.EXE[1720] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Windows\Explorer.EXE[1720] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Windows\Explorer.EXE[1720] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\Explorer.EXE[1720] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\Explorer.EXE[1720] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [84, 71] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [87, 71] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [81, 71] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7B, 71] {JNP 0x73} .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [78, 71] {JS 0x73} .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8A, 71] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [72, 71] {JB 0x73} .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [75, 71] {JNZ 0x73} .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 05, 00, 50, C3] {MOV EAX, 0x575b7; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 05, 00, 50, C3] {MOV EAX, 0x58309; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [69, 71] .text C:\Windows\system32\taskhost.exe[1784] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 05, 00, 50, C3, ...] {MOV EAX, 0x569d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 05, 00, 50, C3, ...] {MOV EAX, 0x58657; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 05, 00, 50, C3, ...] {MOV EAX, 0x569b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 05, 00, 50, C3] {MOV EAX, 0x518b7; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 05, 00, 50, C3, ...] {MOV EAX, 0x575eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 05, 00, 50, C3, ...] {MOV EAX, 0x577e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 05, 00, 50, C3, ...] {MOV EAX, 0x55d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 05, 00, 50, C3, ...] {MOV EAX, 0x51d45; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 05, 00, 50, C3] {MOV EAX, 0x51dd5; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 05, 00, 50, C3, ...] {MOV EAX, 0x55b96; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 05, 00, 50, C3, ...] {MOV EAX, 0x57698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 05, 00, 50, C3] {MOV EAX, 0x518dd; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 05, 00, 50, C3] {MOV EAX, 0x51e20; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 05, 00, 50, C3, ...] {MOV EAX, 0x51d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 05, 00, 50, C3, ...] {MOV EAX, 0x57348; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 05] {INC EBP; JA 0x8} .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!SendInput + 4 76B97035 2 Bytes [A0, 71] .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 05, 00, 50, C3, ...] {MOV EAX, 0x558e4; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 05, 00, 50, C3, ...] {MOV EAX, 0x5194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 05, 00, 50, C3, ...] {MOV EAX, 0x5567a; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 05] {FST QWORD [EBP+0x5]} .text C:\Windows\system32\taskhost.exe[1784] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[1784] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[1784] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [6F, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [6C, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [66, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [69, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [63, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!SendInput + 4 76B97035 2 Bytes [93, 71] .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1844] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [88, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8B, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [85, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7F, 71] {JG 0x73} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7C, 71] {JL 0x73} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [82, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8E, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [76, 71] {JBE 0x73} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [79, 71] {JNS 0x73} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [73, 71] {JAE 0x73} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\Programy\K10STAT154\K10STAT.exe[1896] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [84, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [87, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [81, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8A, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [6F, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!SendInput + 4 76B97035 2 Bytes [A0, 71] .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[2172] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [82, 71] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [85, 71] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [7F, 71] {JG 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [79, 71] {JNS 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [76, 71] {JBE 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [7C, 71] {JL 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [88, 71] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [70, 71] {JO 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [73, 71] {JAE 0x73} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [6D, 71] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!SendInput + 4 76B97035 2 Bytes [9E, 71] .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\ProgramData\DatacardService\DCSHelper.exe[2308] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [6F, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [69, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [66, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [6C, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [60, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [63, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [5D, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SendInput + 4 76B97035 2 Bytes [8D, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.exe[2856] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtAllocateVirtualMemory 777D53C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtAllocateVirtualMemory + 4 777D53C4 2 Bytes [41, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [0D, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [10, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtFlushBuffersFile 777D5A40 5 Bytes JMP 60E5FCB1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [0A, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [04, 71] {ADD AL, 0x71} .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtProtectVirtualMemory 777D6000 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtProtectVirtualMemory + 4 777D6004 2 Bytes [3E, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtQueryFullAttributesFile 777D60D0 5 Bytes JMP 60E5FE64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtReadFile 777D63A0 5 Bytes JMP 60E5FCEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtReadFileScatter 777D63B0 5 Bytes JMP 611EF233 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [01, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [07, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [13, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [FB, 70] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [FE, 70] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtWriteFile 777D6B50 5 Bytes JMP 60E60115 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!NtWriteFileGather 777D6B60 5 Bytes JMP 611EF283 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 07, 00, 50, C3] {MOV EAX, 0x775b7; PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!LdrLoadDll 777F2576 4 Bytes JMP 639FA7DC C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ntdll.dll!LdrLoadDll + 5 777F257B 2 Bytes [50, C3] {PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessW 773C204D 6 Bytes JMP 71A5000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessA 773C2082 6 Bytes JMP 71A2000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!SetProcessDEPPolicy 773F6438 6 Bytes JMP 7145000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CopyFileW 773F6C4F 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!TerminateProcess + B 77402D20 7 Bytes JMP 000711E5 .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7740952E 7 Bytes JMP 611D88D7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!QueryPerformanceCounter + 13 7740C535 7 Bytes JMP 611D92B8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateFileA 7740EB61 6 Bytes JMP 7199000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!LoadAppInitDlls + 355 7740F5F6 7 Bytes JMP 60F4C918 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [AA, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessInternalA 7741C9CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CreateProcessInternalA + 4 7741C9D0 2 Bytes [A7, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!CopyFileA 77426E8A 6 Bytes JMP 718D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!MoveFileW 77427006 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!MoveFileA 7744C459 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!WinExec 7744F2AE 6 Bytes JMP 718A000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] kernel32.dll!VirtualAllocExNuma + B 774502EC 7 Bytes JMP 00071229 .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WS2_32.dll!WSAStartup 76D13AB2 6 Bytes JMP 7178000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] msvcrt.dll!_wsystem 768BB057 6 Bytes JMP 717E000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] msvcrt.dll!system 768BB177 6 Bytes JMP 7181000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 07, 00, 50, C3] {MOV EAX, 0x718b7; PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 07, 00, 50, C3, ...] {MOV EAX, 0x775eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 07, 00, 50, C3, ...] {MOV EAX, 0x777e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 07, 00, 50, C3, ...] {MOV EAX, 0x75d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 07, 00, 50, C3, ...] {MOV EAX, 0x71d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 07, 00, 50, C3] {MOV EAX, 0x71dd5; PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 07, 00, 50, C3, ...] {MOV EAX, 0x75b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 07, 00, 50, C3, ...] {MOV EAX, 0x77698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 07, 00, 50, C3] {MOV EAX, 0x718dd; PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetWindowInfo 76B74B66 5 Bytes JMP 61C9AB31 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 07, 00, 50, C3] {MOV EAX, 0x71e20; PUSH EAX; RET } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 07, 00, 50, C3, ...] {MOV EAX, 0x71d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 07, 00, 50, C3, ...] {MOV EAX, 0x77348; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 07] {INC EBP; JA 0xa} .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!SendInput + 4 76B97035 2 Bytes [28, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 07, 00, 50, C3, ...] {MOV EAX, 0x758e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 07, 00, 50, C3, ...] {MOV EAX, 0x7194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 07, 00, 50, C3, ...] {MOV EAX, 0x7567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 07] {FST QWORD [EBP+0x7]} .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] GDI32.dll!GetViewportOrgEx + 26C 773787DB 7 Bytes JMP 611D8258 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] SHELL32.dll!ShellExecuteW 75AA3C31 6 Bytes JMP 7187000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] SHELL32.dll!ShellExecuteExW 75AB1E6D 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpOpenRequestW 76EE42A0 6 Bytes JMP 7175000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpSendRequestW 76EE6F50 6 Bytes JMP 7163000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!InternetReadFile 76EF04F0 6 Bytes JMP 7169000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!InternetReadFileExW 76EF2EF0 6 Bytes JMP 7166000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpSendRequestExW 76F3C550 6 Bytes JMP 715D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpSendRequestA 76F6D850 6 Bytes JMP 7160000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpOpenRequestA 76F738E0 6 Bytes JMP 7172000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!InternetOpenUrlA 76FC6180 6 Bytes JMP 716C000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!InternetOpenUrlW 76FC6CC0 6 Bytes JMP 716F000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] WININET.dll!HttpSendRequestExA 76FEA660 6 Bytes JMP 715A000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 07, 00, 50, C3, ...] {MOV EAX, 0x769d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 07, 00, 50, C3, ...] {MOV EAX, 0x78657; PUSH EAX; RET ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[3608] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 07, 00, 50, C3, ...] {MOV EAX, 0x769b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [6E, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [71, 71] {JNO 0x73} .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [6B, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [5F, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [5C, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [62, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [56, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [59, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [53, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!SendInput + 4 76B97035 2 Bytes [8C, 71] .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Program Files\cFosSpeed\cfosspeed.exe[3612] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ntdll.dll!RtlFreeActivationContextStack + 44 777BF5F6 7 Bytes JMP 02AA0B54 C:\Program Files\Emsisoft Internet Security\a2framework.dll .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] kernel32.dll!GetSystemInfo + B 7740DDBD 7 Bytes JMP 02AA0940 C:\Program Files\Emsisoft Internet Security\a2framework.dll .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] kernel32.dll!GetSystemTime + B 7740EB5C 7 Bytes JMP 02A3C1BC C:\Program Files\Emsisoft Internet Security\a2framework.dll .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Program Files\Emsisoft Internet Security\a2guard.exe[3688] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [87, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8A, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [84, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [81, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8D, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 01, 00, 50, C3] {MOV EAX, 0x175b7; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 01, 00, 50, C3] {MOV EAX, 0x18309; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 01, 00, 50, C3] {MOV EAX, 0x118b7; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 01, 00, 50, C3, ...] {MOV EAX, 0x175eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 01, 00, 50, C3, ...] {MOV EAX, 0x177e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 01, 00, 50, C3, ...] {MOV EAX, 0x15d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 01, 00, 50, C3, ...] {MOV EAX, 0x11d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 01, 00, 50, C3] {MOV EAX, 0x11dd5; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 01, 00, 50, C3, ...] {MOV EAX, 0x15b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 01, 00, 50, C3, ...] {MOV EAX, 0x17698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 01, 00, 50, C3] {MOV EAX, 0x118dd; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 01, 00, 50, C3] {MOV EAX, 0x11e20; PUSH EAX; RET } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 01, 00, 50, C3, ...] {MOV EAX, 0x11d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 01, 00, 50, C3, ...] {MOV EAX, 0x17348; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 01] {INC EBP; JA 0x4} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 01, 00, 50, C3, ...] {MOV EAX, 0x158e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 01, 00, 50, C3, ...] {MOV EAX, 0x1194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 01, 00, 50, C3, ...] {MOV EAX, 0x1567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 01] {FST QWORD [EBP+0x1]} .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 01, 00, 50, C3, ...] {MOV EAX, 0x169d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 01, 00, 50, C3, ...] {MOV EAX, 0x18657; PUSH EAX; RET ; NOP } .text C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe[3720] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 01, 00, 50, C3, ...] {MOV EAX, 0x169b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [88, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8B, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [85, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [7F, 71] {JG 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7C, 71] {JL 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [82, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8F, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [76, 71] {JBE 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [79, 71] {JNS 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] KERNEL32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] KERNEL32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] KERNEL32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [73, 71] {JAE 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ws2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ws2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ws2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3856] ws2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [6F, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [69, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [66, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [6C, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [60, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [63, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [5D, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!SendInput + 4 76B97035 2 Bytes [8D, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[4048] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\Program Files\Emsisoft Internet Security\a2hooks32.dll .text C:\Windows\explorer.exe[4440] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [80, 71] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [83, 71] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\explorer.exe[4440] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [7A, 71] {JP 0x73} .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [86, 71] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [6E, 71] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [71, 71] {JNO 0x73} .text C:\Windows\explorer.exe[4440] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [6B, 71] .text C:\Windows\explorer.exe[4440] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Windows\explorer.exe[4440] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Windows\explorer.exe[4440] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\explorer.exe[4440] USER32.dll!SendInput + 4 76B97035 2 Bytes [9B, 71] .text C:\Windows\explorer.exe[4440] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Windows\explorer.exe[4440] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4440] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\explorer.exe[4440] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\explorer.exe[4440] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [89, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8C, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [86, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [80, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [83, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8F, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [77, 71] {JA 0x73} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [7A, 71] {JP 0x73} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 16, 00, 50, C3] {MOV EAX, 0x1675b7; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 16, 00, 50, C3] {MOV EAX, 0x168309; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [74, 71] {JZ 0x73} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 16, 00, 50, C3] {MOV EAX, 0x1618b7; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 16, 00, 50, C3, ...] {MOV EAX, 0x1675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 16, 00, 50, C3, ...] {MOV EAX, 0x1677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 16, 00, 50, C3, ...] {MOV EAX, 0x165d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d45; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 16, 00, 50, C3] {MOV EAX, 0x161dd5; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 16, 00, 50, C3, ...] {MOV EAX, 0x165b96; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 16, 00, 50, C3, ...] {MOV EAX, 0x167698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 16, 00, 50, C3] {MOV EAX, 0x1618dd; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 16, 00, 50, C3] {MOV EAX, 0x161e20; PUSH EAX; RET } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 16, 00, 50, C3, ...] {MOV EAX, 0x161d8d; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 16, 00, 50, C3, ...] {MOV EAX, 0x167348; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 16] {INC EBP; JA 0x19} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 16, 00, 50, C3, ...] {MOV EAX, 0x1658e4; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 16, 00, 50, C3, ...] {MOV EAX, 0x16194f; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 16, 00, 50, C3, ...] {MOV EAX, 0x16567a; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 16] {FST QWORD [EBP+0x16]} .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 16, 00, 50, C3, ...] {MOV EAX, 0x168657; PUSH EAX; RET ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 16, 00, 50, C3, ...] {MOV EAX, 0x1669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Users\MG\Downloads\bbxprnx9.exe[4892] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [89, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8C, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [86, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [80, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [83, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8F, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 06, 00, 50, C3] {MOV EAX, 0x675b7; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 06, 00, 50, C3] {MOV EAX, 0x68309; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] KERNEL32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] KERNEL32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] KERNEL32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 06, 00, 50, C3] {MOV EAX, 0x618b7; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 06, 00, 50, C3, ...] {MOV EAX, 0x675eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 06, 00, 50, C3, ...] {MOV EAX, 0x677e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 06, 00, 50, C3, ...] {MOV EAX, 0x65d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d45; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 06, 00, 50, C3] {MOV EAX, 0x61dd5; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 06, 00, 50, C3, ...] {MOV EAX, 0x65b96; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 06, 00, 50, C3, ...] {MOV EAX, 0x67698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 06, 00, 50, C3] {MOV EAX, 0x618dd; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 06, 00, 50, C3] {MOV EAX, 0x61e20; PUSH EAX; RET } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 06, 00, 50, C3, ...] {MOV EAX, 0x61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 06, 00, 50, C3, ...] {MOV EAX, 0x67348; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 06] {INC EBP; JA 0x9} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 06, 00, 50, C3, ...] {MOV EAX, 0x658e4; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 06, 00, 50, C3, ...] {MOV EAX, 0x6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 06, 00, 50, C3, ...] {MOV EAX, 0x6567a; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 06] {FST QWORD [EBP+0x6]} .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 06, 00, 50, C3, ...] {MOV EAX, 0x68657; PUSH EAX; RET ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 06, 00, 50, C3, ...] {MOV EAX, 0x669b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ws2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ws2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ws2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[5620] ws2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtCreateFile 777D56B0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtCreateFile + 4 777D56B4 2 Bytes [89, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtDeleteValueKey 777D5930 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtDeleteValueKey + 4 777D5934 2 Bytes [8C, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtOpenFile 777D5DC0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtOpenFile + 4 777D5DC4 2 Bytes [86, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtOpenProcess 777D5E70 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtOpenProcess + 4 777D5E74 2 Bytes [80, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetContextThread 777D6650 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetContextThread + 4 777D6654 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetInformationFile 777D6720 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetInformationFile + 4 777D6724 2 Bytes [83, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetValueKey 777D68F0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSetValueKey + 4 777D68F4 2 Bytes [8F, 71] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSuspendThread 777D6980 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtSuspendThread + 4 777D6984 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtTerminateThread 777D69C0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!NtTerminateThread + 4 777D69C4 2 Bytes [7A, 71] {JP 0x73} .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!LdrUnloadDll 777ECBCE 7 Bytes [B8, B7, 75, 05, 00, 50, C3] {MOV EAX, 0x575b7; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] ntdll.dll!LdrLoadDll 777F2576 7 Bytes [B8, 09, 83, 05, 00, 50, C3] {MOV EAX, 0x58309; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] kernel32.dll!TerminateProcess 77402D15 6 Bytes JMP 69C12FC0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] kernel32.dll!CreateProcessInternalW 774108A2 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] kernel32.dll!CreateProcessInternalW + 4 774108A6 2 Bytes [74, 71] {JZ 0x73} .text C:\Windows\system32\taskhost.exe[5932] ole32.dll!CoGetClassObject 767154AD 10 Bytes [B8, D7, 69, 05, 00, 50, C3, ...] {MOV EAX, 0x569d7; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] ole32.dll!CoCreateInstance 76729D0B 8 Bytes [B8, 57, 86, 05, 00, 50, C3, ...] {MOV EAX, 0x58657; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] ole32.dll!CoCreateInstanceEx 76729D4E 9 Bytes [B8, B1, 69, 05, 00, 50, C3, ...] {MOV EAX, 0x569b1; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SetWindowLongA 76B68BAB 7 Bytes [B8, B7, 18, 05, 00, 50, C3] {MOV EAX, 0x518b7; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetAsyncKeyState 76B6A25E 11 Bytes [B8, EB, 75, 05, 00, 50, C3, ...] {MOV EAX, 0x575eb; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!CallNextHookEx 76B6ABE9 11 Bytes [B8, E6, 77, 05, 00, 50, C3, ...] {MOV EAX, 0x577e6; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SendMessageA 76B6AD68 6 Bytes JMP 69C11D70 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PostMessageA 76B6B44E 6 Bytes JMP 69C11EF0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PostThreadMessageW + 80 76B6EF84 11 Bytes [B8, 61, 5D, 05, 00, 50, C3, ...] {MOV EAX, 0x55d61; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetMessageA 76B718A1 8 Bytes [B8, 45, 1D, 05, 00, 50, C3, ...] {MOV EAX, 0x51d45; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PeekMessageA 76B719AD 7 Bytes [B8, D5, 1D, 05, 00, 50, C3] {MOV EAX, 0x51dd5; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PtInRect + B2 76B7244C 8 Bytes [B8, 96, 5B, 05, 00, 50, C3, ...] {MOV EAX, 0x55b96; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetKeyState 76B72B55 11 Bytes [B8, 98, 76, 05, 00, 50, C3, ...] {MOV EAX, 0x57698; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SetWindowLongW 76B74451 7 Bytes [B8, DD, 18, 05, 00, 50, C3] {MOV EAX, 0x518dd; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PostMessageW 76B74483 6 Bytes JMP 69C11FB0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SendMessageW 76B75549 6 Bytes JMP 69C11E30 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!PeekMessageW 76B7635A 7 Bytes [B8, 20, 1E, 05, 00, 50, C3] {MOV EAX, 0x51e20; PUSH EAX; RET } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetMessageW 76B7CE00 8 Bytes [B8, 8D, 1D, 05, 00, 50, C3, ...] {MOV EAX, 0x51d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!mouse_event 76B86221 6 Bytes JMP 69C11C40 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetMessagePos + 66 76B96781 8 Bytes [B8, 48, 73, 05, 00, 50, C3, ...] {MOV EAX, 0x57348; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetKeyboardState + 1 76B9695F 3 Bytes [45, 77, 05] {INC EBP; JA 0x8} .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetKeyboardState + 5 76B96963 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SendInput 76B97031 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!SendInput + 4 76B97035 2 Bytes [A4, 71] .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!DdeConnectList + 64F 76BAF588 8 Bytes [B8, E4, 58, 05, 00, 50, C3, ...] {MOV EAX, 0x558e4; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!EndTask 76BAFE2E 8 Bytes [B8, 4F, 19, 05, 00, 50, C3, ...] {MOV EAX, 0x5194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetRawInputBuffer 76BB725F 8 Bytes [B8, 7A, 56, 05, 00, 50, C3, ...] {MOV EAX, 0x5567a; PUSH EAX; RET ; NOP } .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!keybd_event 76BBED0B 6 Bytes JMP 69C11CA0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetRawInputData + 1 76BC4CF6 3 Bytes [DD, 55, 05] {FST QWORD [EBP+0x5]} .text C:\Windows\system32\taskhost.exe[5932] USER32.dll!GetRawInputData + 5 76BC4CFA 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\system32\taskhost.exe[5932] ADVAPI32.dll!CreateServiceW 76E47154 6 Bytes JMP 69C121E0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] ADVAPI32.dll!CreateServiceA 76E633FC 6 Bytes JMP 69C12100 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] WS2_32.dll!WSALookupServiceBeginW 76D1575A 6 Bytes JMP 69C11A10 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] WS2_32.dll!connect 76D16BDD 6 Bytes JMP 69C11860 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text C:\Windows\system32\taskhost.exe[5932] WS2_32.dll!listen 76D1B001 6 Bytes JMP 69C11900 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll C:\Windows\system32\taskhost.exe[5932] WS2_32.dll!WSAConnect 76D1CC3F 6 Bytes JMP 69C118B0 C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks32.dll .text